[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reaching out to Sony NOC, resolving DDoS Issues - Need POC
Transit carriers could work the flows backwards.
-Ben Cannon
CEO 6x7 Networks & 6x7 Telecom, LLC
ben at 6by7.net <mailto:ben at 6by7.net>
> On Jan 27, 2020, at 4:39 PM, Mike Hammett <nanog at ics-il.net> wrote:
>
> If someone is being spoofed, they aren't receiving the spoofed packets. How are they supposed to collect anything on the attack?
>
> Offending host pretending to be Octolus -> Sony -> Real Octolus.
>
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com <http://www.ics-il.com/>
>
> Midwest-IX
> http://www.midwest-ix.com <http://www.midwest-ix.com/>
>
> From: "Roland Dobbins" <Roland.Dobbins at netscout.com <mailto:Roland.Dobbins at netscout.com>>
> To: "Octolus Development" <admin at octolus.net <mailto:admin at octolus.net>>
> Cc: "Heather Schiller via NANOG" <nanog at nanog.org <mailto:nanog at nanog.org>>
> Sent: Monday, January 27, 2020 6:29:16 PM
> Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
>
>
>
> On Jan 28, 2020, at 04:12, Octolus Development <admin at octolus.net <mailto:admin at octolus.net>> wrote:
>
> It is impossible to find the true origin of where the spoofed attacks are coming from.
>
> This is demonstrably untrue.
>
> If you provide the requisite information to operators, they can look through their flow telemetry collection/analysis systems in order to determine whether the spoofed traffic traversed their network; if it did so, they will see where it ingressed their network.
>
> With enough participants who have this capability, it's possible to trace the spoofed traffic back to its origin network, or at least some network or networks topologically proximate to the origin network.
>
> That's what Damian is suggesting.
>
> --------------------------------------------
> Roland Dobbins <roland.dobbins at netscout.com <mailto:roland.dobbins at netscout.com>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200127/035111b2/attachment.html>
- References:
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: kmedcalf at dessus.com (Keith Medcalf)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: nanog at radu-adrian.feurdean.net (Radu-Adrian Feurdean)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: admin at octolus.net (Octolus Development)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: mlm at pixelgate.net (Mark Milhollan)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: admin at octolus.net (Octolus Development)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: damian at google.com (Damian Menscher)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: admin at octolus.net (Octolus Development)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: Roland.Dobbins at netscout.com (Dobbins, Roland)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
- From: nanog at ics-il.net (Mike Hammett)