backtracking forged packets?
- Subject: backtracking forged packets?
- From: saku at ytti.fi (Saku Ytti)
- Date: Sat, 14 Mar 2020 13:08:35 +0200
- In-reply-to: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>
- References: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>
On Sat, 14 Mar 2020 at 08:26, William Herrin <bill at herrin.us> wrote:
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.
Check source interface for a flow from netflow. Good luck doing this
across multiple admin domains.
--
++ytti
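
Added example, not part of the original email: one way to run the NetFlow check suggested in the reply above, tallying SYN-only flows sourced from the forged block by the router and input interface they arrived on. The record layout, exporter names, ifIndex values and documentation-range addresses are all constructed assumptions; real records would come from your own flow collector.

```python
import ipaddress
from collections import Counter

SYN, ACK = 0x02, 0x10

# Constructed sample records (not real data):
# (exporter, input ifIndex, src, dst, IP protocol, TCP flags, packets)
FLOWS = [
    ("edge1", 12, "192.0.2.10",   "198.51.100.5", 6,  0x02, 900),
    ("edge1", 12, "192.0.2.77",   "203.0.113.9",  6,  0x02, 600),
    ("edge2", 3,  "192.0.2.10",   "198.51.100.5", 6,  0x02, 40),   # real customer port
    ("edge1", 12, "198.51.100.5", "192.0.2.10",   6,  0x12, 850),  # SYN/ACK backscatter
    ("edge2", 7,  "192.0.2.200",  "203.0.113.9",  6,  0x02, 300),
    ("edge2", 7,  "192.0.2.33",   "203.0.113.9",  17, 0x00, 50),   # UDP, ignored
    ("edge1", 12, "192.0.2.10",   "198.51.100.5", 6,  0x10, 20),   # ACK only, ignored
]

def unexpected_ingress(flows, prefix, expected):
    """Sum packets per (exporter, input ifIndex) for SYN-only TCP flows whose
    source lies in `prefix` but which entered on an interface outside
    `expected`, the set of ports where that prefix legitimately attaches."""
    net = ipaddress.ip_network(prefix)
    hits = Counter()
    for exporter, in_if, src, _dst, proto, flags, pkts in flows:
        if proto != 6 or (flags & (SYN | ACK)) != SYN:
            continue  # only initial SYNs, not replies or other traffic
        if ipaddress.ip_address(src) not in net:
            continue  # source is not in the forged block
        if (exporter, in_if) in expected:
            continue  # arrived where the prefix really lives
        hits[(exporter, in_if)] += pkts
    return hits

if __name__ == "__main__":
    result = unexpected_ingress(FLOWS, "192.0.2.0/24", {("edge2", 3)})
    for (exporter, in_if), pkts in result.most_common():
        print(f"{exporter} ifIndex {in_if}: {pkts} SYN packets with forged source")
```

Each interface reported marks the neighbor to ask next, which is where the multiple-admin-domain problem mentioned in the reply begins.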