Reaching out to Sony NOC, resolving DDoS Issues - Need POC

Hugo Slabbert hugo at slabnet.com
Tue Jan 7 18:10:29 UTC 2020


And you're sure that you are the reflection target not the reflection
vector?
As in it's definitely the case that you are the *target* here (your IP
addresses are being spoofed, and the reflection attack is hitting you)
rather than that someone is abusing endpoints in your network, i.e.
reflecting off of your endpoints with Sony's addresses as the spoofed
source such that Sony is getting targeted?

If the former: How is Sony involved there?  Are people spoofing your source
addresses and trying to reflect off of Sony?  Or how else did Sony catch
wind of it?

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal


On Tue, Jan 7, 2020 at 9:58 AM Töma Gavrichenkov <ximaera at gmail.com> wrote:

> Peace,
>
> On Mon, Jan 6, 2020, 9:27 PM Octolus Development <admin at octolus.net>
> wrote:
>
>> We're facing some reflected DDoS attacks, where the source address is
>> spoofed to appear to be our IPs, and as a result getting blacklisted.
>> Sony's support has told us to "change IPs"
>>
>
> Wait, are they blacklisting spoofed IP(v4?) addresses?  If so, this is
> hilarious.  When at some point they finally blacklist the whole 0/0,
> the problem will be solved by itself.
>
> Still, are you completely sure this is the accurate description of what
> they are doing?
>
> --
> Töma
>