How would they know what to look for? 

I'm assuming Sony isn't cooperating. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Ben Cannon" <[email protected]> 
To: "Mike Hammett" <[email protected]> 
Cc: "Roland Dobbins" <[email protected]>, "NANOG Operators' Group" 
<[email protected]> 
Sent: Monday, January 27, 2020 6:40:25 PM 
Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC 

Transit carriers could work the flows backwards. 





-Ben Cannon 
CEO 6x7 Networks & 6x7 Telecom, LLC 
[email protected] 







On Jan 27, 2020, at 4:39 PM, Mike Hammett < [email protected] > wrote: 


If someone is being spoofed, they aren't receiving the spoofed packets. How are 
they supposed to collect anything on the attack? 

Offending host pretending to be Octolus -> Sony -> Real Octolus. 





----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Roland Dobbins" < [email protected] > 
To: "Octolus Development" < [email protected] > 
Cc: "Heather Schiller via NANOG" < [email protected] > 
Sent: Monday, January 27, 2020 6:29:16 PM 
Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC 






<blockquote>
On Jan 28, 2020, at 04:12, Octolus Development < [email protected] > wrote: 




<blockquote>

It is impossible to find the true origin of where the spoofed attacks are 
coming from. 
</blockquote>


This is demonstrably untrue. 


If you provide the requisite information to operators, they can look through 
their flow telemetry collection/analysis systems in order to determine whether 
the spoofed traffic traversed their network; if it did so, they will see where 
it ingressed their network. 


With enough participants who have this capability, it's possible to trace the 
spoofed traffic back to its origin network, or at least some network or 
networks topologically proximate to the origin network. 


That's what Damian is suggesting. 



-------------------------------------------- 
Roland Dobbins < [email protected] > 
</blockquote>
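The flow-telemetry lookup described in the quoted message, as an added example that is not part of the original thread: an operator filters flow records for packets that claim the victim's source address and are addressed to the targeted service, then totals them by the interface where they entered the network. The record layout, router and interface names, addresses and the `EXPECTED_INGRESS` map are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the thread):
# (exporter, ingress interface, source, destination, destination port, packets).
# 192.0.2.10 stands in for the spoofed victim, 198.51.100.20 for the
# service that receives the spoofed packets.
FLOWS = [
    ("edge1", "cust-victim", "192.0.2.10", "198.51.100.20", 443, 120),
    ("edge2", "peer-as64500", "192.0.2.10", "198.51.100.20", 443, 90000),
    ("edge2", "peer-as64500", "192.0.2.10", "198.51.100.20", 80, 45000),
    ("edge3", "transit-as64501", "192.0.2.10", "198.51.100.20", 443, 3000),
    ("edge3", "transit-as64501", "203.0.113.7", "198.51.100.20", 443, 500),
    ("edge1", "cust-victim", "192.0.2.10", "203.0.113.99", 53, 40),
]

# Hypothetical map: where each source prefix legitimately enters this network.
EXPECTED_INGRESS = {
    ipaddress.ip_network("192.0.2.0/24"): {("edge1", "cust-victim")},
}

def expected_for(src):
    """Return the (exporter, interface) pairs where src may legitimately enter."""
    addr = ipaddress.ip_address(src)
    allowed = set()
    for net, ifaces in EXPECTED_INGRESS.items():
        if addr in net:
            allowed |= ifaces
    return allowed

def trace_spoofed_ingress(flows, claimed_src, target):
    """Total packets per unexpected ingress point for claimed_src -> target."""
    src_net = ipaddress.ip_network(claimed_src)
    dst_net = ipaddress.ip_network(target)
    totals = defaultdict(int)
    for exporter, iface, src, dst, _port, pkts in flows:
        if ipaddress.ip_address(src) not in src_net:
            continue
        if ipaddress.ip_address(dst) not in dst_net:
            continue
        if (exporter, iface) in expected_for(src):
            continue  # entered where the real owner attaches
        totals[(exporter, iface)] += pkts
    # Largest contributor first: that neighbour is the next operator to ask.
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    hits = trace_spoofed_ingress(FLOWS, "192.0.2.0/24", "198.51.100.20/32")
    for (exporter, iface), pkts in hits:
        print(f"{exporter} {iface}: {pkts} packets with a 192.0.2.0/24 source")
```

Each operator repeating this on its own telemetry moves the trace one network closer to the origin, which is the hop-by-hop process the quoted message describes.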

