14 Mar
2020
14 Mar
'20
11:42 a.m.
Transit providers can check their netflow and to identify the true source. Know any good mailing lists where transit providers hang out? If you can share the victim IP and a timestamp, I may be able to offer additional advice off-list. Damian On Fri, Mar 13, 2020 at 11:24 PM William Herrin <bill@herrin.us> wrote:
Howdy,
Can anyone suggest tools, techniques and helpful contacts for backtracking spoofed packets? At the moment someone is forging TCP syns from my address block. I'm getting the syn/ack and icmp unreachable backscatter. Enough that my service provider briefly classified it a DDOS. I'd love to find the culprit.
Thanks, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/