nanog mailing list archives
Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
From: "Octolus Development" <admin () octolus net>
Date: Wed, 08 Jan 2020 20:36:41 +0100
The thing is. I can buy a brand new IP. It works fine on the websites. The moment it's hit by a DDoS attack (TCP-AMP), only 24-48 hours later, it's banned from all Incapsula's aka Imperva's websites :) so something is horribly done wrong on their end and they're not interested in helping, neither is Sony.

On 08.01.2020 20:26:14, Lukas Tribus <lists () ltri eu> wrote:

Hello,

On Wed, 8 Jan 2020 at 18:26, Octolus Development wrote:

The error it displays on both Sony and Imperva (and whatever websites use their protection). So this problem is not with Sony, but rather Imperva blocking IPs wildly. The IPs are not blocks, it's a single IP and the block/blacklist lifts after 7 days.

Error that appears on those websites, including Imperva themselves:

This page can't be displayed. Contact support for additional information. The incident ID is: N/A.

That looks like a WAF, so reflection/spoofing is probably *not* the reason your IPs ended up on those lists.

I assume what you see looks similar to what this returns (a request that looks like a SQL injection):

https://www.imperva.com/bla%20OR%201=1

A few of those hits, or crossing a certain threshold per IP (very easy for CGN IPs), and your IP probably ends up on those lists I guess.

And of course those endpoints are not IPv6 enabled, so behind CGN the end customer shares his luck with his neighbors even if everything is IPv6 enabled.

Imperva, is that the "cybersecurity firm" that was breached 6 months ago?

https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/

Lukas