It might have been even more innocent than that. There are some really crappy consumer-grade firewalls out there that say "DoS Attack" any time they receive an unexpected packet. This most commonly occurs when the device reboots (power outage) and a live TCP connection sends a keepalive or a RST. The end result is a flood of emails from customers to the abuse@ address of every major web company. I'd love to track down the manufacturers of these devices and get them to stop their fearmongering....
Damian On Tue, Apr 4, 2017 at 9:35 AM, Compton, Rich A <rich.comp...@charter.com> wrote: > Any proof that you can provide that Facebook did indeed DoS you? Unless > it is an attack after a tcp 3-way handshake I highly doubt that it was > actually Facebook and probably an attacker spoofing Facebook¹s source IPs > (perhaps in hopes that the source IPs would be on your whitelist and not > be blocked). > > Rich Compton | Principal Eng | 314.596.2828 > 14810 Grasslands Dr, Englewood, CO 80112 > > > > > > > On 4/3/17, 4:46 PM, "NANOG on behalf of Miguel Mata" > <nanog-boun...@nanog.org on behalf of mm...@intercom.com.sv> wrote: > > >Guys and gals, > > > >just received a DoS from supposedly Facebook. Any contact of way of > >getting in touch with > >them? > > > >Thanks. > > > > > > E-MAIL CONFIDENTIALITY NOTICE: > The contents of this e-mail message and any attachments are intended > solely for the addressee(s) and may contain confidential and/or legally > privileged information. If you are not the intended recipient of this > message or if this message has been addressed to you in error, please > immediately alert the sender by reply e-mail and then delete this message > and any attachments. If you are not the intended recipient, you are > notified that any use, dissemination, distribution, copying, or storage of > this message or any attachment is strictly prohibited. > >
