A few times I got an informal report containing something like:
It is most likely the attack traffic is directed at one of the following endpoints:
account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net
I was just wondering how somebody would handle a request to exclude those IP addresses, b/c 2 attempts to get the affected network give:
# host account.sonyentertainmentnetwork.com
account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
e380.b.akamaiedge.net has address 104.109.72.158

# whois 104.109.72.158 | grep CIDR
CIDR: 104.64.0.0/10
CIDR: 104.109.64.0/20
and on another system:
~/devel/wireshark $ host account.sonyentertainmentnetwork.com
account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
e380.b.akamaiedge.net has address 184.24.193.168

$ whois 184.24.193.168 | grep CIDR
CIDR: 184.24.0.0/13
CIDR: 184.24.192.0/20
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
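
The two lookups quoted in the message, compared offline. This is an added example, not part of the original message: it follows the CNAME chain in each `host` answer and picks the tightest whois CIDR covering the returned address, showing that both systems reach the same CDN name but land in disjoint networks. The vantage labels and function names are assumptions; the names, addresses and CIDRs are the ones quoted above.

```python
import ipaddress
import re

# Name, addresses and whois CIDR lines as quoted in the message above,
# keyed by a hypothetical vantage-point label.
NAME = "account.sonyentertainmentnetwork.com"
LOOKUPS = {
    "system-1": ("104.109.72.158", ["104.64.0.0/10", "104.109.64.0/20"]),
    "system-2": ("184.24.193.168", ["184.24.0.0/13", "184.24.192.0/20"]),
}
# Rebuilds the quoted `host` output for one vantage point.
HOST_TEMPLATE = (
    "{n} is an alias for {n}.edgekey.net.\n"
    "{n}.edgekey.net is an alias for e380.b.akamaiedge.net.\n"
    "e380.b.akamaiedge.net has address {ip}\n"
)
ALIAS = re.compile(r"^(\S+) is an alias for (\S+)$")
ADDRESS = re.compile(r"^(\S+) has address (\S+)$")


def parse_host(text, start):
    """Follow the CNAME chain from start; return (final_name, addresses)."""
    aliases, addresses = {}, {}
    for line in text.splitlines():
        if m := ALIAS.match(line):
            aliases[m[1].rstrip(".")] = m[2].rstrip(".")
        elif m := ADDRESS.match(line):
            addresses.setdefault(m[1].rstrip("."), []).append(
                ipaddress.ip_address(m[2]))
    name, seen = start, set()
    while name in aliases and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = aliases[name]
    return name, addresses.get(name, [])


def most_specific(addr, cidrs):
    """Smallest whois-listed network that contains addr, or None."""
    nets = [n for n in map(ipaddress.ip_network, cidrs) if addr in n]
    return max(nets, key=lambda n: n.prefixlen, default=None)


def survey():
    """Per vantage point: (final CNAME target, tightest covering networks)."""
    out = {}
    for vantage, (ip, cidrs) in LOOKUPS.items():
        final, addrs = parse_host(HOST_TEMPLATE.format(n=NAME, ip=ip), NAME)
        out[vantage] = (final, [most_specific(a, cidrs) for a in addrs])
    return out
```

Calling `survey()` returns the same final name for both systems with a different /20 for each, so a list built from one resolver's answer does not cover what another resolver is handed.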