[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reaching out to Sony NOC, resolving DDoS Issues - Need POC

Subject: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
From: ximaera at gmail.com (Töma Gavrichenkov)
Date: Tue, 28 Jan 2020 04:42:59 +0300
In-reply-to: <CABSP1OevdD1ybpXCXKMkVvnp0zLtwPS5fMGtqw1wot7mdcmqSQ@mail.gmail.com>
References: <[email protected]> <[email protected]> <[email protected]> <CABSP1OfRO3HXBNs+uexDgQh4BuPLs0+UYi7s_FGCeyvMEP2c6g@mail.gmail.com> <[email protected]> <[email protected]> <2140921428.4363.1580171956089.JavaMail.mhammett@ThunderFuck> <[email protected]> <1615784318.4386.1580172824009.JavaMail.mhammett@ThunderFuck> <CABSP1Ocw9GsYz9D=Aabd0YCUEA7botX+8-UznG0TbJE7cE=7Kw@mail.gmail.com> <CALZ3u+YM5Sj3zdeJMzpLv_YCcyz1LGoD=qhOkZJzm5eCjpG=1g@mail.gmail.com> <CABSP1OevdD1ybpXCXKMkVvnp0zLtwPS5fMGtqw1wot7mdcmqSQ@mail.gmail.com>

Peace,

On Tue, Jan 28, 2020, 4:32 AM Damian Menscher <damian at google.com> wrote:

> On Mon, Jan 27, 2020 at 5:10 PM TÃ¶ma Gavrichenkov <ximaera at gmail.com>
> wrote:
>
>> If this endpoint doesn't connect to anything outside of their network,
>> then yes.
>> If it does though, the design of the filter might become more complicated.
>>
>
> Not really... just requires sorting by volume.  Turns out most legitimate
> hosts don't send high-volume syn packets. ;)
>

This is a good *detection* technique, but you cannot filter by volume in
transit if the set of destinations is large (and random) enough, and you
don't have a time machine.  Not sure if this is the case but might as well
be.

As for the detection of the real source, everything is technically possible
but you need certain bargaining power which a medium-sized (at best) VPN
service probably doesn't have.

--
TÃ¶ma

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200128/8ba59a75/attachment.html>

Follow-Ups:
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: ximaera at gmail.com (Töma Gavrichenkov)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: damian at google.com (Damian Menscher)

References:
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: kmedcalf at dessus.com (Keith Medcalf)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: mlm at pixelgate.net (Mark Milhollan)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: admin at octolus.net (Octolus Development)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: damian at google.com (Damian Menscher)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: admin at octolus.net (Octolus Development)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: Roland.Dobbins at netscout.com (Dobbins, Roland)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: nanog at ics-il.net (Mike Hammett)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: ben at 6by7.net (Ben Cannon)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: nanog at ics-il.net (Mike Hammett)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: damian at google.com (Damian Menscher)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: ximaera at gmail.com (Töma Gavrichenkov)
- Reaching out to Sony NOC, resolving DDoS Issues - Need POC
  - From: damian at google.com (Damian Menscher)

Prev by Date: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
Next by Date: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
Previous by thread: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
Next by thread: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
Index(es):
- Date
- Thread