On Sat, 14 Mar 2020 at 08:26, William Herrin <b...@herrin.us> wrote: > Can anyone suggest tools, techniques and helpful contacts for > backtracking spoofed packets? At the moment someone is forging TCP > syns from my address block. I'm getting the syn/ack and icmp > unreachable backscatter. Enough that my service provider briefly > classified it a DDOS. I'd love to find the culprit.
Check source interface for a flow from netflow. Good luck doing this across multiple admin domains. -- ++ytti
