Transit providers can check their netflow and to identify the true source. Know any good mailing lists where transit providers hang out?

If you can share the victim IP and a timestamp, I may be able to offer additional advice off-list.

Damian

On Fri, Mar 13, 2020 at 11:24 PM William Herrin <bill@herrin.us> wrote:

Howdy,

Can anyone suggest tools, techniques and helpful contacts for
backtracking spoofed packets? At the moment someone is forging TCP
syns from my address block. I'm getting the syn/ack and icmp
unreachable backscatter. Enough that my service provider briefly
classified it a DDOS. I'd love to find the culprit.

Thanks,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/