Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

[Ben Cannon <ben () 6by7 net>]

Transit carriers could work the flows backwards.

-Ben Cannon
CEO 6x7 Networks & 6x7 Telecom, LLC 
ben () 6by7 net <mailto:ben () 6by7 net>




> On Jan 27, 2020, at 4:39 PM, Mike Hammett <nanog () ics-il net> wrote:
>
> If someone is being spoofed, they aren't receiving the spoofed packets. How are they supposed to collect anything on 
> the attack?
>
> Offending host pretending to be Octolus -> Sony -> Real Octolus.
>
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com <http://www.ics-il.com/>
>
> Midwest-IX
> http://www.midwest-ix.com <http://www.midwest-ix.com/>
>
> From: "Roland Dobbins" <Roland.Dobbins () netscout com <mailto:Roland.Dobbins () netscout com>>
> To: "Octolus Development" <admin () octolus net <mailto:admin () octolus net>>
> Cc: "Heather Schiller via NANOG" <nanog () nanog org <mailto:nanog () nanog org>>
> Sent: Monday, January 27, 2020 6:29:16 PM
> Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
>
>
>
> On Jan 28, 2020, at 04:12, Octolus Development <admin () octolus net <mailto:admin () octolus net>> wrote:
>
> It is impossible to find the true origin of where the spoofed attacks are coming from.
>
> This is demonstrably untrue. 
>
> If you provide the requisite information to operators, they can look through their flow telemetry collection/analysis 
> systems in order to determine whether the spoofed traffic traversed their network; if it did so, they will see where 
> it ingressed their network. 
>
> With enough participants who have this capability, it's possible to trace the spoofed traffic back to its origin 
> network, or at least some network or networks topologically proximate to the origin network. 
>
> That's what Damian is suggesting. 
>
> --------------------------------------------
> Roland Dobbins <roland.dobbins () netscout com <mailto:roland.dobbins () netscout com>>