Transit providers can check their netflow to identify the true source. Know any good mailing lists where transit providers hang out?
If you can share the victim IP and a timestamp, I may be able to offer additional advice off-list.

Damian

On Fri, Mar 13, 2020 at 11:24 PM William Herrin <b...@herrin.us> wrote:
> Howdy,
>
> Can anyone suggest tools, techniques and helpful contacts for
> backtracking spoofed packets? At the moment someone is forging TCP
> syns from my address block. I'm getting the syn/ack and icmp
> unreachable backscatter. Enough that my service provider briefly
> classified it a DDOS. I'd love to find the culprit.
>
> Thanks,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
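
The victim IP and timestamp mentioned in the thread can be read out of the backscatter itself. The following is an added example, not part of the original thread: it lists each host whose SYN/ACK or ICMP unreachable replies match no SYN actually sent. The line format, the documentation-range addresses, the function name and the reading of "victim" as the host the forged SYNs were aimed at are all assumptions.

```python
from collections import defaultdict

# Constructed sample (simplified capture summary, not real traffic).
# Fields: time, direction, src, dst, kind[, original flow quoted in the ICMP error]
SAMPLE = """\
2020-03-13T22:58:01Z OUT 192.0.2.10:44321 198.51.100.7:443 SYN
2020-03-13T22:58:01Z IN 198.51.100.7:443 192.0.2.10:44321 SYNACK
2020-03-13T22:58:02Z IN 203.0.113.5:80 192.0.2.77:51000 SYNACK
2020-03-13T22:58:03Z IN 203.0.113.5:80 192.0.2.78:51001 SYNACK
2020-03-13T22:58:04Z IN 203.0.113.1:0 192.0.2.80:0 UNREACH 192.0.2.80:40000>203.0.113.9:22
2020-03-13T22:58:09Z IN 203.0.113.5:80 192.0.2.79:51002 SYNACK
"""

def summarize_backscatter(text):
    """Return {remote_ip: {count, first, last, kinds}} for replies we never solicited.

    Assumes the lines are in time order, so a real SYN precedes its SYN/ACK.
    """
    sent = set()  # flows we really opened, as (local, remote)
    report = defaultdict(lambda: {"count": 0, "first": None, "last": None, "kinds": set()})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, direction, src, dst, kind = parts[:5]
        if direction == "OUT" and kind == "SYN":
            sent.add((src, dst))
            continue
        if direction != "IN":
            continue
        if kind == "SYNACK":
            flow = (dst, src)  # the SYN that would have caused this reply
        elif kind == "UNREACH" and len(parts) == 6:
            flow = tuple(parts[5].split(">"))  # flow quoted inside the ICMP error
        else:
            continue
        if flow in sent:
            continue  # answer to our own traffic, not backscatter
        remote = flow[1].rsplit(":", 1)[0]  # host the forged SYN was aimed at
        entry = report[remote]
        entry["count"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
        entry["kinds"].add(kind)
    return dict(report)

if __name__ == "__main__":
    for ip, e in sorted(summarize_backscatter(SAMPLE).items()):
        print(ip, e["count"], e["first"], e["last"], ",".join(sorted(e["kinds"])))
```

For ICMP errors the reporting address may be a router on the path, so the example keys on the destination quoted inside the error rather than on the ICMP source.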