nanog mailing list archives
Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
From: "Octolus Development" <admin () octolus net>
Date: Wed, 08 Jan 2020 16:53:59 +0100
Tracked it down. Sony are using "Imperva", which is the former Incapsula. The IPs that were attacked by this DDoS attack have been added to their threatradar; their phone support (Imperva) literally hangs up the call when you try to question if they can provide more information about why the IPs are blocked. They said since I am not Sony, I cannot request information.

But here's the funny part, when connecting to their own website imperva.com from those IPs -- we are getting exactly the same error code that Sony are returning. Indicating that Imperva is the main problem here, they seem to block spoofed IPs.

On 07.01.2020 21:20:08, Hugo Slabbert <hugo () slabnet com> wrote:

Well, in almost any* case blacklisting reflection vectors by IP is an insanely bad practice.

* — I can *think* of a use case when this could be an appropriate solution (I recall Netscout/Arbor once had such a use case), but in the overwhelming majority of incidents it is absolutely not, and you need to be one hundred percent sure you know what you're doing.

Agreed; drop the vector not the address, but was looking to just clarify the direction of things a bit.

NB: I have just checked the IP addresses the OP has provided me with (offlist) against our database of known reflection sources, and I confirm that none of those seem to ever host UDP software vulnerable to amplification

ty; good to know.

They decide to completely ignore the emails, it seems like we're being either spoofed or people are attacking us with Sony's IP space.

So you're getting inbound traffic that has Sony IP space source addresses in it? That does start to sound more like people trying to reflect off of you to Sony. What's the protocol and destination ports on the traffic you're receiving with Sony source addresses (and the source ports for good measure, if they're fairly consistent)?

--
Hugo Slabbert | email, xmpp/jabber: hugo () slabnet com
pgp key: B178313E | also on Signal

On Tue, Jan 7, 2020 at 10:54 AM Töma Gavrichenkov <ximaera () gmail com> wrote:

Peace,

On Tue, Jan 7, 2020 at 9:10 PM Hugo Slabbert <hugo () slabnet com> wrote:

And you're sure that you are the reflection target not the reflection vector?

NB: I have just checked the IP addresses the OP has provided me with (offlist) against our database of known reflection sources, and I confirm that none of those seem to ever host UDP software vulnerable to amplification.

--
Töma