Reflection DDoS last week (was: syn flood attacks from NL-based netblocks)

Töma Gavrichenkov ximaera at gmail.com
Wed Aug 21 22:20:51 UTC 2019


Peace,

On Thu, Aug 22, 2019 at 12:17 AM Damian Menscher <damian at google.com> wrote:
> Some additional questions, if you're able to answer them (off-list is fine if there are things that can't be shared broadly):
>   - Was the attack referred to law enforcement?

It is being referred to now.  This would most probably get going under
the jurisdiction of the Netherlands.  Whether the latter would be able
to address it properly or not remains to be seen, but honestly I'm not
quite optimistic here.

>   - Were any transit providers asked to trace the
> source of the spoofing to either stop the attack
> or facilitate the law enforcement investigation?

No.
Initially we were busy setting up the game and pushing the upstreams
to accept our new customer prefix advertisements a.s.a.p.
Afterwards we were too busy trying to understand why some of the
upstreams didn't work as expected (that part was mentioned in the
report).

Hence, tracing the source was not deemed a high priority task.

--
Töma


