Re: did facebook just DoS me?

[Christopher Morrow <morrowc.lists () gmail com>]

On Tue, Apr 4, 2017 at 7:03 PM, Kurt Kraut <listas () kurtkraut net> wrote:

> Hello Christopher,
>
>
> I hardly belive it. IP addresses not allocated to servers were receiving
> attack, a whole /22 was attacked and it was solely used for servers
> (including IP addresses not allocated to devices), not for computers with
> user interface or mobile devices that could actually use Facebook. And if I
> recall it correctly, it was SSDP amplification attack.
oh so some mis-config in their network/policy and exploitation by other
folks :( bummer.


> Best regards,
>
>
> Kurt Kraut
>
> 2017-04-04 21:58 GMT-03:00 Christopher Morrow <morrowc.lists () gmail com>:
>
> > On Tue, Apr 4, 2017 at 6:47 PM, Kurt Kraut <listas () kurtkraut net> wrote:
> >
> > > I perform some PCAPs I many IP addresses belonged to Facebook. At first I
> > > thought: - 'Clever attacker. He guesses I could not be as severe as I am
> > > to
> > > regular UDP traffic if the origin was Facebook and he deliberately
> > > spoofed
> > > their IP address.'
> > >
> > > But one of my collegues quickly realized the incoming MAC ADDRESS was the
> > > actual Facebook router we have a peering at a internet exchange. So
> > > indeed
> > > the traffic came from their network.
> >
> > one wonders if this is the new (ish?) Streaming thingy they launched?