backtracking forged packets?

Saku Ytti saku at ytti.fi
Sat Mar 14 11:08:35 UTC 2020


On Sat, 14 Mar 2020 at 08:26, William Herrin <bill at herrin.us> wrote:

> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.

Check source interface for a flow from netflow. Good luck doing this
across multiple admin domains.

-- 
  ++ytti
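
The check suggested in the reply above, as an added example that is not part of the original message: given flow records exported by your own routers, group the bare TCP SYNs whose source falls in the forged block by exporter and input interface. The CSV column layout, the exporter addresses and the sample rows are assumptions constructed for illustration (documentation prefixes only).

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample flow export (not real traffic). Columns are an assumed
# layout: exporter, input ifIndex, src, dst, IP protocol, TCP flags, packets.
SAMPLE_FLOWS = """\
exporter,in_if,src,dst,proto,tcp_flags,packets
203.0.113.1,12,192.0.2.55,198.51.100.10,6,2,4000
203.0.113.1,12,192.0.2.77,198.51.100.11,6,2,3500
203.0.113.1,7,192.0.2.9,198.51.100.12,6,18,20
203.0.113.2,3,192.0.2.140,198.51.100.10,6,2,150
203.0.113.2,3,198.51.100.200,198.51.100.10,6,2,900
203.0.113.1,12,192.0.2.55,198.51.100.10,17,0,60
"""

TCP, SYN, ACK = 6, 0x02, 0x10


def syn_ingress_by_interface(flow_csv, forged_prefix):
    """Count bare-SYN packets sourced from forged_prefix per (exporter, in_if)."""
    net = ipaddress.ip_network(forged_prefix)
    counts = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        flags = int(row["tcp_flags"])
        if int(row["proto"]) != TCP:
            continue
        # Keep SYN without ACK: the forged connection attempts, not replies.
        if flags & (SYN | ACK) != SYN:
            continue
        if ipaddress.ip_address(row["src"]) not in net:
            continue
        counts[(row["exporter"], int(row["in_if"]))] += int(row["packets"])
    return counts


def top_ingress(flow_csv, forged_prefix):
    """Return (exporter, in_if, packets) sorted by packet count, largest first."""
    counts = syn_ingress_by_interface(flow_csv, forged_prefix)
    return [(exp, ifx, n) for (exp, ifx), n in counts.most_common()]


if __name__ == "__main__":
    for exporter, in_if, packets in top_ingress(SAMPLE_FLOWS, "192.0.2.0/24"):
        print(f"{exporter} ifIndex {in_if}: {packets} SYN packets")
```

The interface with the highest count identifies the neighbor handing over the forged traffic; the operator of that neighboring network then has to repeat the same check on their own flow data.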



More information about the NANOG mailing list