nanog mailing list archives
Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
From: "Dobbins, Roland" <Roland.Dobbins () netscout com>
Date: Tue, 28 Jan 2020 04:39:23 +0000
On Jan 28, 2020, at 07:39, Mike Hammett <nanog () ics-il net> wrote: If someone is being spoofed, they aren't receiving the spoofed packets. How are they supposed to collect anything on the attack? OP stated that *his own network* was being packeted with a TCP reflection/amplification attack. This means that if he's collecting flow telemetry from his edge routers, he sees the details of the resultant attack traffic, & since that attack traffic isn't spoofed from his perspective, he can ask the networks on which the abused reflectors/amplifiers reside, & their peers/transits he can infer, to perform traceback, & work it network-by-network. And even if his network weren't on the receiving end of a reflection/amplification attack, OP could still see backscatter, as Jared indicated. Instrumenting one's network in order to achieve visibility into one's traffic is quite beneficial. It's easy & inexpensive to get started with open-source tools. -------------------------------------------- Roland Dobbins <roland.dobbins () netscout com>
Current thread:
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC, (continued)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jared Mauch (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Töma Gavrichenkov (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 27)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Dobbins, Roland (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Tom Beecher (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Octolus Development (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Damian Menscher via NANOG (Jan 28)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC xanonyws (Jan 29)
- Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC Jean | ddostest.me via NANOG (Jan 30)