nanog mailing list archives

Re: did facebook just DoS me?


From: Kurt Kraut <listas () kurtkraut net>
Date: Tue, 4 Apr 2017 21:47:23 -0300

Hello Mr. Mata,


I'd like to register you might not be the only one. At work, I deal with
DDoS on a daily basis. A pretty common UDP DDoS attack was hitting random
IPs of our autonomous system and I applied a bunch of rules to block it.
The rule had exceptions for content providers with high demand, like
Google, Facebook and Akamai. To my surprise, after I applied my DROP
rules, there was still a significant amount of traffic reaching the target
servers.

I performed some PCAPs and many IP addresses belonged to Facebook. At first I
thought: - 'Clever attacker. He guesses I could not be as severe as I am to
regular UDP traffic if the origin was Facebook and he deliberately spoofed
their IP address.'

But one of my colleagues quickly realized the incoming MAC ADDRESS was the
actual Facebook router we have a peering with at an internet exchange. So indeed
the traffic came from their network.

The UDP source IP address is not enough to draw this conclusion, but the
MAC ADDRESS was very convincing to me.


Best regards,


Kurt Kraut

2017-04-03 19:46 GMT-03:00 Miguel Mata <mmata () intercom com sv>:

Guys and gals,

just received a DoS from supposedly Facebook. Any contact or way of
getting in touch with them?

Thanks.
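
Added example, not part of the original messages: the check described in the reply above, grouping UDP packets whose source IP falls in a peer's prefix by the Ethernet source MAC they arrived with, so that traffic handed over by the peer's own router on the exchange LAN can be told apart from traffic that only carries the peer's addresses. The prefix, MAC addresses and capture are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

PEER_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # assumption: stand-in for the peer's prefix
PEER_MAC = "02:00:00:00:00:01"                        # assumption: peer router's MAC on the IX LAN

def udp_by_ingress_mac(pcap, prefix):
    """Count UDP packets sourced from `prefix`, grouped by Ethernet source MAC."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # untagged IPv4 only
            continue
        if frame[14] >> 4 != 4 or frame[23] != 17:          # protocol 17 = UDP
            continue
        if ipaddress.ip_address(frame[26:30]) in prefix:
            counts[frame[6:12].hex(":")] += 1
    return counts

def classify(counts, peer_mac):
    """Return (packets that entered via the peer's router, packets that did not)."""
    via_peer = counts.get(peer_mac, 0)
    return via_peer, sum(counts.values()) - via_peer

def _frame(src_mac, src_ip):
    """Constructed sample: minimal Ethernet + IPv4 + UDP frame (checksums left zero)."""
    eth = bytes.fromhex("020000000099") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address("198.51.100.10").packed)
    return eth + ip + struct.pack("!HHHH", 123, 40000, 8, 0)

def sample_pcap():
    """Constructed capture: two frames via the peer, one with the peer's IP via another router."""
    frames = [_frame(PEER_MAC, "203.0.113.5"), _frame(PEER_MAC, "203.0.113.9"),
              _frame("02:00:00:00:00:02", "203.0.113.77"),
              _frame("02:00:00:00:00:02", "192.0.2.44")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(classify(udp_by_ingress_mac(sample_pcap(), PEER_PREFIX), PEER_MAC))
```

Packets counted under any MAC other than the peer router's reached the exchange port through a different neighbour, so their source address alone says nothing about origin.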




