Hello Mr. Mata, I'd like to register you might not be the only one. At work, I deal with DDoS on a daily basis. A pretty common UDP DDoS attack was hiting random IPs of our autonomous system and I applied a bunch of rules to block it. There rule had exceptions for content providers with high demand, like Google, Facebook and Akamai. For my surprise, after I applied my DROP rules, there was still a significant amount of traffic reaching the target servers. I perform some PCAPs I many IP addresses belonged to Facebook. At first I thought: - 'Clever attacker. He guesses I could not be as severe as I am to regular UDP traffic if the origin was Facebook and he deliberately spoofed their IP address.' But one of my collegues quickly realized the incoming MAC ADDRESS was the actual Facebook router we have a peering at a internet exchange. So indeed the traffic came from their network. The UDP source IP address is not enough to drag to this conclusion, but the MAC ADDRESS was very convincing to me. Best regards, Kurt Kraut 2017-04-03 19:46 GMT-03:00 Miguel Mata <mmata@intercom.com.sv>:
Guys and gals,
just received a DoS from supposedly Facebook. Any contact of way of getting in touch with them?
Thanks.