nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC

From: Hugo Slabbert <hugo () slabnet com>
Date: Tue, 7 Jan 2020 10:10:29 -0800
And you're sure that you are the reflection target not the reflection
vector?
As in it's definitely the case that you are the *target* here (your IP
addresses are being spoofed, and the reflection attack is hitting you)
rather than that someone is abusing endpoints in your network, i.e.
reflecting off of your endpoints with Sony's addresses as the spoofed
source such that Sony is getting targeted?

If the former: How is Sony involved there?  Are people spoofing your source
addresses and trying to reflect off of Sony?  Or how else did Sony catch
wind of it?

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo () slabnet com
pgp key: B178313E   | also on Signal


On Tue, Jan 7, 2020 at 9:58 AM Töma Gavrichenkov <ximaera () gmail com> wrote:


Peace,

On Mon, Jan 6, 2020, 9:27 PM Octolus Development <admin () octolus net>
wrote:


We're facing some reflected DDoS attacks, where the source address is
spoofed to appear to be our IPs, and as a result getting blacklisted.
Sony's support has told us to "change IPs"



Wait, are they blacklisting spoofed IP(v4?) addresses?  If so, this is
hilarious.  When at some point they will finally blacklist the whole 0/0,
the problem will be solved by itself.

Still, are you completely sure this is the accurate description of what
they are doing?

--
Töma
Previous By Date Next
Previous By Thread Next

Current thread: