nanog mailing list archives
Re: backtracking forged packets?
From: Damian Menscher via NANOG <nanog () nanog org>
Date: Sat, 14 Mar 2020 08:42:58 -0700
Transit providers can check their netflow and to identify the true source. Know any good mailing lists where transit providers hang out? If you can share the victim IP and a timestamp, I may be able to offer additional advice off-list. Damian On Fri, Mar 13, 2020 at 11:24 PM William Herrin <bill () herrin us> wrote:
Howdy, Can anyone suggest tools, techniques and helpful contacts for backtracking spoofed packets? At the moment someone is forging TCP syns from my address block. I'm getting the syn/ack and icmp unreachable backscatter. Enough that my service provider briefly classified it a DDOS. I'd love to find the culprit. Thanks, Bill Herrin -- William Herrin bill () herrin us https://bill.herrin.us/
Current thread:
- Re: backtracking forged packets?, (continued)
- Re: backtracking forged packets? William Herrin (Mar 14)
- Re: backtracking forged packets? Jean | ddostest.me via NANOG (Mar 14)
- Re: backtracking forged packets? Damian Menscher via NANOG (Mar 14)
- Re: backtracking forged packets? Amir Herzberg (Mar 15)
- Re: backtracking forged packets? Jean | ddostest.me via NANOG (Mar 15)
- Re: backtracking forged packets? William Herrin (Mar 15)
- Re: backtracking forged packets? Amir Herzberg (Mar 15)
- Re: backtracking forged packets? William Herrin (Mar 14)
- Re: backtracking forged packets? Octolus Development (Mar 15)