It might have been even more innocent than that. There are some really crappy consumer-grade firewalls out there that say "DoS Attack" any time they receive an unexpected packet. This most commonly occurs when the device reboots (power outage) and a live TCP connection sends a keepalive or a RST. The end result is a flood of emails from customers to the abuse@ address of every major web company. I'd love to track down the manufacturers of these devices and get them to stop their fearmongering.... Damian On Tue, Apr 4, 2017 at 9:35 AM, Compton, Rich A <Rich.Compton@charter.com> wrote:
Any proof that you can provide that Facebook did indeed DoS you? Unless it is an attack after a tcp 3-way handshake I highly doubt that it was actually Facebook and probably an attacker spoofing Facebook¹s source IPs (perhaps in hopes that the source IPs would be on your whitelist and not be blocked).
Rich Compton | Principal Eng | 314.596.2828 14810 Grasslands Dr, Englewood, CO 80112
On 4/3/17, 4:46 PM, "NANOG on behalf of Miguel Mata" <nanog-bounces@nanog.org on behalf of mmata@intercom.com.sv> wrote:
Guys and gals,
just received a DoS from supposedly Facebook. Any contact of way of getting in touch with them?
Thanks.
E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.