[192205] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (David Conrad)
Sat Oct 22 14:21:55 2016
X-Original-To: nanog@nanog.org
Date: Sat, 22 Oct 2016 11:21:49 -0700
From: David Conrad <drc@virtualized.org>
To: Mike Hammett <nanog@ics-il.net>
In-Reply-To: <241612512.4558.1477148926944.JavaMail.mhammett@ThunderFuck>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Mike,
On October 22, 2016 at 8:09:34 AM, Mike Hammett (nanog@ics-il.net) wrote:

> How can I as a network operator seek out and eliminate the sources of these attacks?

Maybe (not sure) one way would be to examine your resolver query logs to look for queries for names that fit domain generation algorithm patterns, then track down the customers/devices that are issuing those queries and politely suggest they remove the malware on their systems?

Regards,
-drc
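
The approach suggested in this message, sketched as an added example (not part of the original post or of any resolver's own tooling). It assumes BIND 9-style query log lines; the sample log, names, addresses and thresholds are constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample lines in BIND 9 querylog style (format is an assumption).
SAMPLE_LOG = """\
22-Oct-2016 11:02:01.101 client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A + (198.51.100.1)
22-Oct-2016 11:02:03.412 client 192.0.2.10#40112 (xk7qzp2vbn9wtd4r.example): query: xk7qzp2vbn9wtd4r.example IN A + (198.51.100.1)
22-Oct-2016 11:02:03.977 client 192.0.2.10#40113 (pl3mzx8cvt5hqj2w.example): query: pl3mzx8cvt5hqj2w.example IN A + (198.51.100.1)
22-Oct-2016 11:02:04.250 client 192.0.2.10#40114 (gw9rkt4bnx6zqs1d.example): query: gw9rkt4bnx6zqs1d.example IN A + (198.51.100.1)
22-Oct-2016 11:02:05.008 client 192.0.2.45#51920 (mail.example.net): query: mail.example.net IN MX + (198.51.100.1)
22-Oct-2016 11:02:06.660 client 192.0.2.77#38001 (internationalbusiness.example): query: internationalbusiness.example IN A + (198.51.100.1)
22-Oct-2016 11:02:07.314 client 192.0.2.77#38002 (hb5tzq8mwc3xkv7n.example): query: hb5tzq8mwc3xkv7n.example IN A + (198.51.100.1)
"""

# Client address and queried name; the optional "@0x..." token appears in newer BIND logs.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<name>\S+) IN")

def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_generated(qname, min_len=12, min_entropy=3.5, max_vowel_ratio=0.3):
    """Heuristic: long, high-entropy, vowel-poor label (illustrative thresholds)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]  # naive: label left of the TLD, no public suffix list
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def suspicious_clients(log_text, min_distinct=3):
    """Map each client IP to its DGA-like names once it has queried enough distinct ones."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and looks_generated(m.group("name")):
            hits[m.group("ip")].add(m.group("name").lower())
    return {ip: sorted(n) for ip, n in hits.items() if len(n) >= min_distinct}

if __name__ == "__main__":
    for ip, names in suspicious_clients(SAMPLE_LOG).items():
        print(ip, len(names), "distinct DGA-like names:", ", ".join(names))
```

Requiring several distinct hits per client keeps a single odd-looking name from flagging a customer; the flagged addresses then map to subscribers through DHCP or RADIUS records.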