Reaching out to Sony NOC, resolving DDoS Issues - Need POC

• Previous message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Next message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jan 28, 2020, at 07:39, Mike Hammett <nanog at ics-il.net> wrote:

If someone is being spoofed, they aren't receiving the spoofed packets. How are they supposed to collect anything on the attack?

OP stated that *his own network* was being packeted with a TCP reflection/amplification attack.

This means that if he's collecting flow telemetry from his edge routers, he sees the details of the resultant attack traffic, & since that attack traffic isn't spoofed from his perspective, he can ask the networks on which the abused reflectors/amplifiers reside, & their peers/transits he can infer, to perform traceback, & work it network-by-network.

And even if his network weren't on the receiving end of a reflection/amplification attack, OP could still see backscatter, as Jared indicated.

Instrumenting one's network in order to achieve visibility into one's traffic is quite beneficial.  It's easy & inexpensive to get started with open-source tools.


--------------------------------------------

Roland Dobbins <roland.dobbins at netscout.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200128/44e07a38/attachment.html>

• Previous message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Next message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]