Have also been observing the same thing for past several months, albeit on much smaller scale, but exactly what has been described, especially the traffic (or spoofed traffic) from Brazil, Chile, etc. - tons of SYN flood like attacks and port 443 - enough to temporarily cripple some smaller VPS servers. Past several months have seen it ramp up and down, and the past few days, it's increased in intensity again and with more specificity. I had some odd connections in that it appeared that some of these peak waves have also corresponded to bursts of criminal credit card fraud gangs and email bombs looking to cover their tracks and or overwhelm services - coincidence? Really glad to hear some professionals having eyes on this and discussing it. Fascinating! Happy to share the IP's I have collected and firewalled to drop traffic.
What's the big deal? It's somebody with a botnet. Obviously somebody is either testing the capability of the botnet, or it is used as a cover for another attack. Then creating a needle in a haystack scenario.
As a newbie studying into this, networking is my least favourite one because it doesn't lead anywhere....and this "storm" is proving my point. An IP address/packet can be easily faked, but with that said. I think that whoever's doing it is a very smart newbie because.....with fake traffic, you are confusing everyone in the field, which clearly has been working. Not just that, they could potentially send malware through those fake IPs without using the attacker's actual IP address packet????????🤔🤔🤔 So as I see it, yous need programmers and malware analysis to take a closer look at this (LOVE) word. I think that (LOVE) string could potentially lead somewhere.
