backtracking forged packets?
Saku Ytti
saku at ytti.fi
Sat Mar 14 11:08:35 UTC 2020
On Sat, 14 Mar 2020 at 08:26, William Herrin <bill at herrin.us> wrote:
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.
Check source interface for a flow from netflow. Good luck doing this
across multiple admin domains.
--
++ytti
More information about the NANOG
mailing list