backtracking forged packets?
- Subject: backtracking forged packets?
- From: damian at google.com (Damian Menscher)
- Date: Sat, 14 Mar 2020 08:42:58 -0700
- In-reply-to: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>
- References: <CAP-guGVJ6onnkWmLCg60_c5C_X0CNU4Nm=262yMrKLgXXrChtQ@mail.gmail.com>
Transit providers can check their netflow to identify the true source.
Know any good mailing lists where transit providers hang out?
If you can share the victim IP and a timestamp, I may be able to offer
additional advice off-list.
Damian
On Fri, Mar 13, 2020 at 11:24 PM William Herrin <bill at herrin.us> wrote:
> Howdy,
>
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.
>
> Thanks,
> Bill Herrin
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>