Exactly

--
Onward!,
Jason Hellenthal,
Systems & Network Admin,
Mobile: 0x9CA0BD58,
JJH48-ARIN

On Apr 4, 2017, at 20:15, Christopher Morrow <morrowc.li...@gmail.com> wrote:

On Tue, Apr 4, 2017 at 7:03 PM, Kurt Kraut <lis...@kurtkraut.net> wrote:

> Hello Christopher,
>
> I hardly believe it. IP addresses not allocated to servers were receiving
> attacks, a whole /22 was attacked and it was solely used for servers
> (including IP addresses not allocated to devices), not for computers with
> user interface or mobile devices that could actually use Facebook. And if I
> recall it correctly, it was an SSDP amplification attack.
>

oh so some mis-config in their network/policy and exploitation by other folks :( bummer.

> Best regards,
>
> Kurt Kraut
>
> 2017-04-04 21:58 GMT-03:00 Christopher Morrow <morrowc.li...@gmail.com>:
>
>>> On Tue, Apr 4, 2017 at 6:47 PM, Kurt Kraut <lis...@kurtkraut.net> wrote:
>>>
>>> I performed some PCAPs and many IP addresses belonged to Facebook. At
>>> first I thought: - 'Clever attacker. He guesses I could not be as severe
>>> as I am to regular UDP traffic if the origin was Facebook and he
>>> deliberately spoofed their IP address.'
>>>
>>> But one of my colleagues quickly realized the incoming MAC ADDRESS was the
>>> actual Facebook router we have a peering with at an internet exchange. So
>>> indeed the traffic came from their network.
>>>
>>
>> one wonders if this is the new (ish?) Streaming thingy they launched?
>>
>