<body><div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Arial;color: #000000">
<div style="font-size: 13.3333px">The thing is.</div><div style="font-size: 13.3333px"><br></div><div style="font-size: 13.3333px">I can buy a brand new IP.</div><div style="font-size: 13.3333px">It works fine on the websites.</div><div style="font-size: 13.3333px"><br></div><div style="font-size: 13.3333px">The moment it's hit by a DDoS Attack (TCP-AMP) .. Only 24-48 hours later, it's banned from all Inculpsa's aka Imperva's websites :) so something is horrible done wrong on their end and they're not interested in helping.. neither is Sony.</div><div class="mb_sig"></div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;">
<p style="color: #AAAAAA; margin-top: 10px;">On 08.01.2020 20:26:14, Lukas Tribus <lists@ltri.eu> wrote:</p><div style="font-family:Arial,Helvetica,sans-serif">Hello,
<br>
<br>
<br>On Wed, 8 Jan 2020 at 18:26, Octolus Development <admin@octolus.net> wrote:
<br>>
<br>> The error it displays on both Sony, and Imperva (and whatever websites who uses their protection). So this problem is not with Sony, but rather Imperva blocking IP's wildly.
<br>>
<br>> The IP's are not blocks, it's a single IP and the block/blacklist lifts after 7 days.
<br>>
<br>> Error that appears on those websites, including imperva themself:
<br>> This page can't be displayed. Contact support for additional information.
<br>> The incident ID is: N/A.
<br>
<br>That looks like a WAF, so reflection/spoofing is probably *not* the
<br>reason your IPs ended up on those lists.
<br>
<br>I assume what you see looks similar to what this returns (a request
<br>that looks like a sql injection):
<br>
<br>https://www.imperva.com/bla%20OR%201=1
<br>
<br>
<br>A few of those hits, or crossing a certain threshold per IP (very easy
<br>for CGN IPs), and your IP probably ends up on those lists I guess. And
<br>of course those endpoints are not IPv6 enabled, so behind CGN the end
<br>customers shares his luck with it's neighbors even if everything is
<br>IPv6 enabled.
<br>
<br>
<br>Imperva, is that the "cybersecurity firm" that was breached 6 months ago?
<br>
<br>https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/
<br>
<br>
<br>
<br>Lukas
<br></admin@octolus.net></div></blockquote>
</div></body>