[194318] in North American Network Operators' Group
Re: did facebook just DoS me?
daemon@ATHENA.MIT.EDU (Damian Menscher via NANOG)
Tue Apr 4 15:04:43 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <D5092694.A5E88%rich.compton@charter.com>
Date: Tue, 4 Apr 2017 12:04:20 -0700
To: "Compton, Rich A" <Rich.Compton@charter.com>
From: Damian Menscher via NANOG <nanog@nanog.org>
Reply-To: Damian Menscher <damian@google.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
It might have been even more innocent than that. There are some really
crappy consumer-grade firewalls out there that say "DoS Attack" any time
they receive an unexpected packet. This most commonly occurs when the
device reboots (power outage) and a live TCP connection sends a keepalive
or a RST. The end result is a flood of emails from customers to the abuse@
address of every major web company. I'd love to track down the
manufacturers of these devices and get them to stop their fearmongering....
Damian
On Tue, Apr 4, 2017 at 9:35 AM, Compton, Rich A <Rich.Compton@charter.com>
wrote:
> Any proof that you can provide that Facebook did indeed DoS you? Unless
> it is an attack after a tcp 3-way handshake I highly doubt that it was
> actually Facebook and probably an attacker spoofing Facebook=C2=B9s sourc=
e IPs
> (perhaps in hopes that the source IPs would be on your whitelist and not
> be blocked).
>
> Rich Compton | Principal Eng | 314.596.2828
> 14810 Grasslands Dr, Englewood, CO 80112
>
>
>
>
>
>
> On 4/3/17, 4:46 PM, "NANOG on behalf of Miguel Mata"
> <nanog-bounces@nanog.org on behalf of mmata@intercom.com.sv> wrote:
>
> >Guys and gals,
> >
> >just received a DoS from supposedly Facebook. Any contact of way of
> >getting in touch with
> >them?
> >
> >Thanks.
> >
> >
>
> E-MAIL CONFIDENTIALITY NOTICE:
> The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or legally
> privileged information. If you are not the intended recipient of this
> message or if this message has been addressed to you in error, please
> immediately alert the sender by reply e-mail and then delete this message
> and any attachments. If you are not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or storage o=
f
> this message or any attachment is strictly prohibited.
>
>
