14 Mar
2020
14 Mar
'20
7:08 a.m.
On Sat, 14 Mar 2020 at 08:26, William Herrin <bill@herrin.us> wrote:
Can anyone suggest tools, techniques and helpful contacts for backtracking spoofed packets? At the moment someone is forging TCP syns from my address block. I'm getting the syn/ack and icmp unreachable backscatter. Enough that my service provider briefly classified it a DDOS. I'd love to find the culprit.
Check source interface for a flow from netflow. Good luck doing this across multiple admin domains. -- ++ytti