Argomento: SYN Attacks

Post SYN Attacks
di blackbarret su martedì 23 febbraio 2021



I recently received a full blown SYN attack that kept on for 2 weeks, i dont know if others
have experienced anything related, the sources where spoofed however came from:
- OHV SAS
- Suarnet.br.com

I spoke with multiple IT teams from Brazil and the Netherlands and it we deducted that
this is a so called middle-men attack, they use spoofed packets that send a SYN request
using a spoofed source packet, this source was the target. I had to reinstate a mitigation
layer with another ipv4 (lease).

If anybody is experiencing this right now, let me know I can help you with a solution (if Dynu's rules allow me i hope).

I attached the attack map in the attachment of this thread what we received, was nasty.


Greets B.

Rispondi con citazione | Segnalare
sabato 21 dicembre 2024 23:23
Loading...