Transit carriers could work the flows backwards. -Ben Cannon CEO 6x7 Networks & 6x7 Telecom, LLC b...@6by7.net <mailto:b...@6by7.net>
> On Jan 27, 2020, at 4:39 PM, Mike Hammett <na...@ics-il.net> wrote: > > If someone is being spoofed, they aren't receiving the spoofed packets. How > are they supposed to collect anything on the attack? > > Offending host pretending to be Octolus -> Sony -> Real Octolus. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com <http://www.ics-il.com/> > > Midwest-IX > http://www.midwest-ix.com <http://www.midwest-ix.com/> > > From: "Roland Dobbins" <roland.dobb...@netscout.com > <mailto:roland.dobb...@netscout.com>> > To: "Octolus Development" <ad...@octolus.net <mailto:ad...@octolus.net>> > Cc: "Heather Schiller via NANOG" <nanog@nanog.org <mailto:nanog@nanog.org>> > Sent: Monday, January 27, 2020 6:29:16 PM > Subject: Re: Reaching out to Sony NOC, resolving DDoS Issues - Need POC > > > > On Jan 28, 2020, at 04:12, Octolus Development <ad...@octolus.net > <mailto:ad...@octolus.net>> wrote: > > It is impossible to find the true origin of where the spoofed attacks are > coming from. > > This is demonstrably untrue. > > If you provide the requisite information to operators, they can look through > their flow telemetry collection/analysis systems in order to determine > whether the spoofed traffic traversed their network; if it did so, they will > see where it ingressed their network. > > With enough participants who have this capability, it's possible to trace the > spoofed traffic back to its origin network, or at least some network or > networks topologically proximate to the origin network. > > That's what Damian is suggesting. > > -------------------------------------------- > Roland Dobbins <roland.dobb...@netscout.com > <mailto:roland.dobb...@netscout.com>>