[tor-relays] Blocking PSN

SuperSluether supersluether at gmail.com
Tue Nov 29 13:48:56 UTC 2016


I keep getting Account Takeover Attempt abuses on my Tor exit, and I'm 
not sure how to handle them:

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP 443.


I used 'dig' and 'ping' to see what IP address the 4 endpoints resolved 
as, and blocked the resulting addresses, but I'm still getting the 
abuse. The Whois records show Sony and PSN owning 63.x.x.x, 64.x.x.x, 
68.x.x.x, and 108.x.x.x addresses, but the websites above resolve to 
23.x.x.x, so either the lists are incomplete or I'm doing something wrong.

Any ideas?
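
An added example, not part of the original post: one way to turn what the exit's own resolver returns for the four endpoints into torrc reject rules, accumulating addresses across repeated runs because the notice says the answers vary with the querying IP. It assumes the blocking is done with Tor's `ExitPolicy` option; the function names are illustrative.

```python
import ipaddress
import socket

# The four endpoints named in the abuse notice quoted in the post.
ENDPOINTS = [
    "account.sonyentertainmentnetwork.com",
    "auth.np.ac.playstation.net",
    "auth.api.sonyentertainmentnetwork.com",
    "auth.api.np.ac.playstation.net",
]
PORT = 443  # the notice gives the destination port as TCP 443


def resolve(host, port=PORT):
    """Resolve with the system resolver. Run this on the exit itself:
    GeoDNS answers depend on where the query originates."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # no answer (or offline): contribute nothing
    return {info[4][0] for info in infos}


def merge(seen, answers):
    """Add newly observed addresses to the accumulated set, normalised."""
    for addr in answers:
        # Drop any IPv6 zone suffix such as "%eth0" before parsing.
        seen.add(ipaddress.ip_address(addr.split("%")[0]))
    return seen


def exit_policy_lines(seen, port=PORT):
    """Render one torrc line per address: IPv4 first, numerically sorted."""
    lines = []
    for ip in sorted(seen, key=lambda a: (a.version, int(a))):
        if ip.version == 4:
            lines.append(f"ExitPolicy reject {ip}:{port}")
        else:
            lines.append(f"ExitPolicy reject6 [{ip}]:{port}")
    return lines


if __name__ == "__main__":
    seen = set()
    for name in ENDPOINTS:
        merge(seen, resolve(name))
    print("\n".join(exit_policy_lines(seen)))
```

Tor applies exit policy rules in order and the first match wins, so the generated lines have to appear before any accept rules in torrc.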

