[192269] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Jean-Francois Mezei)
Mon Oct 24 02:32:34 2016
To: nanog@nanog.org
From: Jean-Francois Mezei <jfmezei_nanog@vaxination.ca>
Date: Mon, 24 Oct 2016 02:32:31 -0400
Question:
For something like Mirai and others, there appears to be a timer that
starts the attack at a certain day/time (with unknown amount of time to
distribute the software to any/all infectable devices prior to attack).
Do these generally have a timer to also stop the attack and go dormant
awaiting instructions from its master? Or do they continue to send
those packets forever?
If the attack is made using perfectly formed, legitimate DNS packets
(or HTTP requests or whatever), can temporary mitigation measures
continue forever even if they block legitimate requests?
Or is it general practice for hackers to have short duration attacks to
reduce the time available to track them down? (similar to old movies
where one had to hang up before the 2 minutes it took for police to trace
a phone call).