[192237] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Oct 23 06:08:16 2016
X-Original-To: nanog@nanog.org
From: Florian Weimer <fw@deneb.enyo.de>
To: David Conrad <drc@virtualized.org>
Date: Sun, 23 Oct 2016 12:08:10 +0200
In-Reply-To: <etPan.580bae3d.3d3523fc.3da2@virtualized.org> (David Conrad's
message of "Sat, 22 Oct 2016 11:21:49 -0700")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
* David Conrad:
> Maybe (not sure) one way would be to examine your resolver query logs
> to look for queries for names that fit domain generation algorithm
> patterns, then tracking down the customers/devices that are issuing
> those queries and politely suggest they remove the malware on their
> systems?
Where would interested operators get that information?
Would this include information how to identify those devices which
participated in the CCTV-based botnet which allegedly took part in the
recent attacks?
