Reaching out to Sony NOC, resolving DDoS Issues - Need POC

• Previous message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Next message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The problem is that they are spoofing our IP, to millions of IP's running port 80.
Making upstream providers filter it is quite difficult, i don't know all the upstream providers are used. 

The main problem is honestly services that reports SYN_RECV as Port Flood, but there isn't much one can do about misconfigured firewalls.I am sure there is a decent amount of honeypots on the internet acting the same way, resulting us (the victims of the attack) getting blacklisted for 'sending' attacks.
On 28.01.2020 05:50:14, "Dobbins, Roland" <roland.dobbins at netscout.com> wrote:


On Jan 28, 2020, at 11:40, Dobbins, Roland <Roland.Dobbins at netscout.com> wrote:


And even if his network weren't on the receiving end of a reflection/amplification attack, OP could still see backscatter, as Jared indicated. 

In point of fact, if the traffic was low-volume, this might in fact be what he was seeing. 

--------------------------------------------
Roland Dobbins <roland.dobbins at netscout.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200128/18bce8d2/attachment.html>

• Previous message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Next message (by thread): Reaching out to Sony NOC, resolving DDoS Issues - Need POC
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]