nanog mailing list archives

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

From: "Dobbins, Roland" <Roland.Dobbins () netscout com>
Date: Tue, 28 Jan 2020 04:39:23 +0000


On Jan 28, 2020, at 07:39, Mike Hammett <nanog () ics-il net> wrote:

If someone is being spoofed, they aren't receiving the spoofed packets. How are they supposed to collect anything on 
the attack?

OP stated that *his own network* was being packeted with a TCP reflection/amplification attack.

This means that if he's collecting flow telemetry from his edge routers, he sees the details of the resultant attack 
traffic, & since that attack traffic isn't spoofed from his perspective, he can ask the networks on which the abused 
reflectors/amplifiers reside, & their peers/transits he can infer, to perform traceback, & work it network-by-network.

And even if his network weren't on the receiving end of a reflection/amplification attack, OP could still see 
backscatter, as Jared indicated.

Instrumenting one's network in order to achieve visibility into one's traffic is quite beneficial.  It's easy & 
inexpensive to get started with open-source tools.


--------------------------------------------

Roland Dobbins <roland.dobbins () netscout com>

Current thread:

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC, (continued)
- - - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jared Mauch (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Tom Beecher (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 28)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC xanonyws (Jan 29)
    - Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 30)

(Thread continues...)