Death of the Internet, Film at 11

From Sat Oct 22 15:51:34 2016
If they are easy to trace, then it should be easy for you to
tell me how to find them on my network.

Not sure if you're trolling now, apologies if what I wrote
wasn't clear.

If you did want to find them before they attack then you could
scan for them, the miscreants already did and easily found them.

For some attack vectors there are services that are doing it
for you, see the excellent

The addresses being known to them doesn't help me at all clean
up my network or help other networks clean up theirs.

Did you read my whole mail? The suggestion is people who get attacked
tell the ISPs of the devices doing the attacking

It would be rather difficult for me (and I'm sure many other operators)
to distinguish normal Dyn traffic from DDoS Dyn traffic.

I was not suggesting you try and guess, I was suggesting you be given
data from actual attacks.


Not trolling in the least. I'm genuinely trying my best to help the greater community.

Agreed on ShadowServer. I get their reports and I recommend others do the same.

Oh, okay, I responded to someone that said:


* David Conrad:

Maybe (not sure) one way would be to examine your resolver query logs
to look for queries for names that fit domain generation algorithm
patterns, then tracking down the customers/devices that are issuing
those queries and politely suggest they remove the malware on their

Where would interested operators get that information?

Would this include information how to identify those devices which
participated in the CCTV-based botnet which allegedly took part in the
recent attacks?