nanog mailing list archives

TCP-AMP DDoS Attack - Fake abuse reports problem


From: "Octolus Development" <admin () octolus net>
Date: Thu, 20 Feb 2020 23:17:45 +0100

A very old attack method called TCP-AMP ( https://pastebin.com/jYhWdgHn ) has been getting really popular recently.

I've been a victim of it multiple times on many of my IPs, and every time it happens, my IPs end up getting
blacklisted in major big databases. We also receive tons of abuse reports for "Port Scanning".

Example of the reports we're getting:
tcp: 51.81.XX.XX:19342 -> 209.208.XX.XX:80 (SYN_RECV)
tcp: 51.81.XX.XX:14066 -> 209.208.XX.XX:80 (SYN_RECV)

OVH are threatening to kick us off their network because we are victims of this attack, and are requesting that we
do something about it, despite the fact that there is nothing you can do when you are the victim of a DDoS attack.

Anyone else had any problems with this kind of attack?

The attack basically works like this:
- The attacker scans the internet for TCP services, e.g. port 80.
- The attacker then sends spoofed requests from our IP to these TCP services, which makes the remote service attempt to
connect to us to initiate the handshake. This clearly fails.
... which ends up with hundreds of requests to these services, reporting us for "port flood".
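The mechanism the post describes leaves a distinctive trace on the victim's side: SYN-ACKs (or RST-ACKs) arriving from the reflectors' service ports for connections the victim never opened, and the reflector's report line ("our_ip:sport -> reflector:80") is the mirror image of that unsolicited reply. The following script, added here as an illustration and not part of the original post or of any OVH or NANOG tooling, parses report lines in the format quoted above, splits a victim-side capture into SYNs the host actually sent and the replies it received, and labels each report line as backscatter, a genuine connection, or unexplained. The packet records, the RFC 5737 documentation addresses and the report lines are constructed sample data; the record layout is an assumption, not the output format of any particular capture tool.

```python
import re
from collections import Counter

# Abuse-report line format quoted in the post: "tcp: SRC:PORT -> DST:PORT (STATE)"
REPORT_RE = re.compile(r"tcp:\s*([\d.]+):(\d+)\s*->\s*([\d.]+):(\d+)\s*\((\w+)\)")


def parse_report_line(line):
    """Parse one reflector-side report line into its fields, or None if it does not match."""
    m = REPORT_RE.search(line)
    if not m:
        return None
    src, sport, dst, dport, state = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport), "state": state}


def split_traffic(packets, our_ip):
    """
    Separate a victim-side capture into the SYNs our host actually sent and the
    inbound handshake replies (SYN-ACK from an open port, RST-ACK from a closed one).
    Packet layout (assumed, constructed for this example): dict with
    src, sport, dst, dport and flags ('S', 'SA', 'RA', 'R', ...).
    """
    sent_syns = set()  # (remote_ip, remote_port, local_port) tuples we opened ourselves
    replies = []
    for p in packets:
        if p["src"] == our_ip and p["flags"] == "S":
            sent_syns.add((p["dst"], p["dport"], p["sport"]))
        elif p["dst"] == our_ip and p["flags"] in ("SA", "RA"):
            replies.append(p)
    return sent_syns, replies


def classify_replies(packets, our_ip):
    """
    A reply is solicited only if our host sent the matching SYN first; any other
    SYN-ACK/RST-ACK is backscatter from a reflector answering a spoofed SYN.
    Returns the solicited count and per-reflector counts of unsolicited replies.
    """
    sent_syns, replies = split_traffic(packets, our_ip)
    unsolicited = Counter()
    solicited = 0
    for p in replies:
        if (p["src"], p["sport"], p["dport"]) in sent_syns:
            solicited += 1
        else:
            unsolicited[(p["src"], p["sport"])] += 1
    return {"solicited": solicited, "unsolicited": dict(unsolicited)}


def explain_report_lines(report_lines, packets, our_ip):
    """
    Map each abuse-report line back to victim-side evidence. The reflector logs
    '<our_ip>:<spoofed_sport> -> <reflector>:<svc>'; if the spoof story is right we
    received '<reflector>:<svc> -> <our_ip>:<spoofed_sport>' without ever sending a SYN.
    """
    sent_syns, replies = split_traffic(packets, our_ip)
    seen_replies = {(p["src"], p["sport"], p["dport"]) for p in replies}
    verdicts = {}
    for line in report_lines:
        r = parse_report_line(line)
        if r is None or r["src"] != our_ip:
            verdicts[line] = "unparsed"
            continue
        key = (r["dst"], r["dport"], r["sport"])
        if key in sent_syns:
            verdicts[line] = "our_connection"   # we really did open this connection
        elif key in seen_replies:
            verdicts[line] = "backscatter"      # reply to a SYN we never sent
        else:
            verdicts[line] = "no_evidence"      # nothing in our capture either way
    return verdicts


# Constructed sample capture using RFC 5737 documentation addresses (not real hosts).
OUR_IP = "192.0.2.10"
SAMPLE_PACKETS = [
    {"src": OUR_IP, "sport": 40000, "dst": "203.0.113.5", "dport": 443, "flags": "S"},   # genuine outbound connect
    {"src": "203.0.113.5", "sport": 443, "dst": OUR_IP, "dport": 40000, "flags": "SA"},  # its legitimate SYN-ACK
    {"src": "198.51.100.1", "sport": 80, "dst": OUR_IP, "dport": 19342, "flags": "SA"},  # reflector answering a spoofed SYN
    {"src": "198.51.100.1", "sport": 80, "dst": OUR_IP, "dport": 14066, "flags": "SA"},
    {"src": "198.51.100.2", "sport": 80, "dst": OUR_IP, "dport": 5555, "flags": "SA"},
    {"src": "198.51.100.3", "sport": 80, "dst": OUR_IP, "dport": 6000, "flags": "RA"},   # closed port on a reflector
    {"src": OUR_IP, "sport": 19342, "dst": "198.51.100.1", "dport": 80, "flags": "R"},   # our kernel's RST to the stray SYN-ACK
]
SAMPLE_REPORT = [
    "tcp: 192.0.2.10:19342 -> 198.51.100.1:80 (SYN_RECV)",
    "tcp: 192.0.2.10:14066 -> 198.51.100.1:80 (SYN_RECV)",
    "tcp: 192.0.2.10:40000 -> 203.0.113.5:443 (SYN_RECV)",
    "tcp: 192.0.2.10:31337 -> 198.51.100.9:80 (SYN_RECV)",
]

if __name__ == "__main__":
    print(classify_replies(SAMPLE_PACKETS, OUR_IP))
    for line, verdict in explain_report_lines(SAMPLE_REPORT, SAMPLE_PACKETS, OUR_IP).items():
        print(f"{verdict:15} {line}")
```

In practice the packet list would come from a capture on the victim host filtered to TCP flags SYN, SYN-ACK and RST-ACK; the useful output for an abuse desk is the set of report lines labelled "backscatter", since each one pairs a reflector's log entry with a reply the victim received for a SYN it demonstrably never sent.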

