nanog mailing list archives
Re: did facebook just DoS me?
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 4 Apr 2017 19:15:19 -0600
On Tue, Apr 4, 2017 at 7:03 PM, Kurt Kraut <listas () kurtkraut net> wrote:
Hello Christopher, I hardly belive it. IP addresses not allocated to servers were receiving attack, a whole /22 was attacked and it was solely used for servers (including IP addresses not allocated to devices), not for computers with user interface or mobile devices that could actually use Facebook. And if I recall it correctly, it was SSDP amplification attack.
oh so some mis-config in their network/policy and exploitation by other folks :( bummer.
Best regards, Kurt Kraut 2017-04-04 21:58 GMT-03:00 Christopher Morrow <morrowc.lists () gmail com>:On Tue, Apr 4, 2017 at 6:47 PM, Kurt Kraut <listas () kurtkraut net> wrote:I perform some PCAPs I many IP addresses belonged to Facebook. At first I thought: - 'Clever attacker. He guesses I could not be as severe as I am to regular UDP traffic if the origin was Facebook and he deliberately spoofed their IP address.' But one of my collegues quickly realized the incoming MAC ADDRESS was the actual Facebook router we have a peering at a internet exchange. So indeed the traffic came from their network.one wonders if this is the new (ish?) Streaming thingy they launched?
Current thread:
- did facebook just DoS me? Miguel Mata (Apr 04)
- Re: did facebook just DoS me? Compton, Rich A (Apr 04)
- Re: did facebook just DoS me? Damian Menscher via NANOG (Apr 04)
- Re: did facebook just DoS me? Kurt Kraut (Apr 04)
- Re: did facebook just DoS me? Christopher Morrow (Apr 04)
- Re: did facebook just DoS me? Kurt Kraut (Apr 04)
- Re: did facebook just DoS me? Christopher Morrow (Apr 04)
- Re: did facebook just DoS me? J. Hellenthal (Apr 04)
- Re: did facebook just DoS me? Christopher Morrow (Apr 04)
- Re: did facebook just DoS me? Compton, Rich A (Apr 04)
- Re: did facebook just DoS me? Matt Palmer (Apr 04)