And you're sure that you are the reflection target not the reflection vector?
As in it's definitely the case that you are the target here (your IP addresses are being spoofed, and the reflection attack is hitting you) rather than that someone is abusing endpoints in your network, i.e. reflecting off of your endpoints with Sony's addresses as the spoofed source such that Sony is getting targeted?

If the former: How is Sony involved there?  Are people spoofing your source addresses and trying to reflect off of Sony?  Or how else did Sony catch wind of it?

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal


On Tue, Jan 7, 2020 at 9:58 AM Töma Gavrichenkov <ximaera@gmail.com> wrote:
Peace,

On Mon, Jan 6, 2020, 9:27 PM Octolus Development <admin@octolus.net> wrote:
We're facing some reflected DDoS attacks, where the source address is spoofed to appear to be our IPs, and as a result getting blacklisted. Sony's support has told us to "change IPs"

Wait, are they blacklisting spoofed IP(v4?) addresses?  If so, this is hilarious.  When at some point they will finally blacklist the whole 0/0, the problem will be solved by itself.

Still, are you completely sure this is the accurate description of what they are doing?

--
Töma