You will still see backscatter which will let you know your space is being spoofed as well.
This will show in your telemetry.

Sent from my iCar

> On Jan 27, 2020, at 7:57 PM, Mike Hammett <[email protected]> wrote:
>
> How would they know what to look for?
>
> I'm assuming Sony isn't cooperating.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> From: "Ben Cannon" <[email protected]>
> To: "Mike Hammett" <[email protected]>
> Cc: "Roland Dobbins" <[email protected]>, "NANOG Operators' Group"
> <[email protected]>
> Sent: Monday, January 27, 2020 6:40:25 PM
> Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
>
> Transit carriers could work the flows backwards.
>
> -Ben Cannon
> CEO 6x7 Networks & 6x7 Telecom, LLC
> [email protected]
>
> On Jan 27, 2020, at 4:39 PM, Mike Hammett <[email protected]> wrote:
>
> If someone is being spoofed, they aren't receiving the spoofed packets. How
> are they supposed to collect anything on the attack?
>
> Offending host pretending to be Octolus -> Sony -> Real Octolus.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> From: "Roland Dobbins" <[email protected]>
> To: "Octolus Development" <[email protected]>
> Cc: "Heather Schiller via NANOG" <[email protected]>
> Sent: Monday, January 27, 2020 6:29:16 PM
> Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC
>
> On Jan 28, 2020, at 04:12, Octolus Development <[email protected]> wrote:
>
> It is impossible to find the true origin of where the spoofed attacks are
> coming from.
>
> This is demonstrably untrue.
>
> If you provide the requisite information to operators, they can look through
> their flow telemetry collection/analysis systems in order to determine
> whether the spoofed traffic traversed their network; if it did so, they will
> see where it ingressed their network.
>
> With enough participants who have this capability, it's possible to trace the
> spoofed traffic back to its origin network, or at least some network or
> networks topologically proximate to the origin network.
>
> That's what Damian is suggesting.
>
> --------------------------------------------
> Roland Dobbins <[email protected]>
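The flow-telemetry lookup described in the quoted thread, as an added example that is not part of the original messages: an operator handed the spoofed source prefix, the target prefix and a time window sums matching flows per ingress interface and flags interfaces where that source prefix is not expected to arrive. The record layout, interface names and addresses are constructed (documentation address space), and the assumption that the prefix legitimately enters only via `peer-A` is hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records; the tuple layout is hypothetical, not a specific
# collector's export format.
# (epoch_seconds, src_ip, dst_ip, ingress_interface, bytes)
FLOWS = [
    (1000, "203.0.113.10",  "198.51.100.5", "peer-A",     1200),
    (1005, "203.0.113.77",  "198.51.100.5", "transit-B",  64000),
    (1010, "203.0.113.12",  "198.51.100.9", "transit-B",  58000),
    (1012, "192.0.2.44",    "198.51.100.5", "transit-B",  900),    # other source
    (1020, "203.0.113.200", "198.51.100.7", "customer-C", 72000),
    (1500, "203.0.113.10",  "198.51.100.5", "peer-A",     1100),
    (9000, "203.0.113.5",   "198.51.100.5", "transit-B",  500),    # outside window
]

def ingress_report(flows, spoofed_prefix, target_prefix, start, end, expected_ingress):
    """Sum bytes per ingress interface for flows that claim a source inside
    spoofed_prefix, are destined to target_prefix, and fall in [start, end].
    Returns (interface, bytes, unexpected) tuples, largest volume first."""
    src_net = ipaddress.ip_network(spoofed_prefix)
    dst_net = ipaddress.ip_network(target_prefix)
    totals = defaultdict(int)
    for ts, src, dst, ingress, nbytes in flows:
        if not (start <= ts <= end):
            continue
        if (ipaddress.ip_address(src) in src_net
                and ipaddress.ip_address(dst) in dst_net):
            totals[ingress] += nbytes
    # An interface is "unexpected" when the claimed source prefix is not
    # legitimately reachable through it; that is the next hop to ask.
    return sorted(
        ((iface, total, iface not in expected_ingress)
         for iface, total in totals.items()),
        key=lambda row: row[1],
        reverse=True,
    )

if __name__ == "__main__":
    report = ingress_report(FLOWS, "203.0.113.0/24", "198.51.100.0/24",
                            900, 2000, expected_ingress={"peer-A"})
    for iface, total, unexpected in report:
        print(iface, total, "UNEXPECTED ingress" if unexpected else "expected")
```

Each interface flagged as unexpected identifies the adjacent network that would run the same query on its own telemetry, which is how the trace moves one hop closer to the origin.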

