Got the same abuse mail on my exits ... you get a IP depending where you are so you dont know where the attacker is and thats why you cant block the IP. You are out of luck.

2016-08-09 18:38 GMT+02:00 Toralf Förster toralf.foerster@gmx.de:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Got few times an informal report containing something like:

    It is most likely the attack traffic is directed at one of the following endpoints:

    account.sonyentertainmentnetwork.com
    auth.np.ac.playstation.net
    auth.api.sonyentertainmentnetwork.com
    auth.api.np.ac.playstation.net

I was just wondering how would somebody handle a request to exclude those IP addresses, b/c 2 attempts to get the affected netwrok gives:

# host account.sonyentertainmentnetwork.com account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net. account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net. e380.b.akamaiedge.net has address 104.109.72.158

# whois 104.109.72.158 | grep CIDR CIDR: 104.64.0.0/10 CIDR: 104.109.64.0/20

and at another system :

~/devel/wireshark $ host account.sonyentertainmentnetwork.com account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net. account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net. e380.b.akamaiedge.net has address 184.24.193.168

$ whois 184.24.193.168 | grep CIDR CIDR: 184.24.0.0/13 CIDR: 184.24.192.0/20

---

Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iF4EAREIAAYFAleqBwUACgkQxOrN3gB26U7YXQD+PHgO8nVRo01abzdu1P7zC6TZ gDMkb+L51zt/k7hBJOsA/0czdSd8p8AnINKx+FP2Gi5ZSjVzzBuUM9o+htw5BdIX =Tz+I -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays