backtracking forged packets?

Damian Menscher damian at google.com
Sat Mar 14 15:42:58 UTC 2020


Transit providers can check their netflow to identify the true source.
Know any good mailing lists where transit providers hang out?

If you can share the victim IP and a timestamp, I may be able to offer
additional advice off-list.

Damian

On Fri, Mar 13, 2020 at 11:24 PM William Herrin <bill at herrin.us> wrote:

> Howdy,
>
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.
>
> Thanks,
> Bill Herrin
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>