nanog mailing list archives
Re: backtracking forged packets?
From: Saku Ytti <saku () ytti fi>
Date: Sat, 14 Mar 2020 13:08:35 +0200
On Sat, 14 Mar 2020 at 08:26, William Herrin <bill () herrin us> wrote:
Can anyone suggest tools, techniques and helpful contacts for backtracking spoofed packets? At the moment someone is forging TCP syns from my address block. I'm getting the syn/ack and icmp unreachable backscatter. Enough that my service provider briefly classified it a DDOS. I'd love to find the culprit.
Check source interface for a flow from netflow. Good luck doing this across multiple admin domains. -- ++ytti
Current thread:
- Re: backtracking forged packets?, (continued)
- Re: backtracking forged packets? nanog (Mar 14)
- Re: backtracking forged packets? Alain Hebert (Mar 16)
- Re: backtracking forged packets? William Herrin (Mar 14)
- Re: backtracking forged packets? Jean | ddostest.me via NANOG (Mar 14)
- Re: backtracking forged packets? Damian Menscher via NANOG (Mar 14)
- Re: backtracking forged packets? Amir Herzberg (Mar 15)
- Re: backtracking forged packets? Jean | ddostest.me via NANOG (Mar 15)
- Re: backtracking forged packets? William Herrin (Mar 15)
- Re: backtracking forged packets? Amir Herzberg (Mar 15)
- Re: backtracking forged packets? nanog (Mar 14)
- Re: backtracking forged packets? Octolus Development (Mar 15)