Death of the Internet, Film at 11

Jean-Francois Mezei jfmezei_nanog at
Mon Oct 24 06:32:31 UTC 2016


For something like Mirai and others, there appears to be a timer that
starts the attack at a certain day/time (with unknown amount of time to
distribute the software to any/all infectable devices prior to attack).

Do these generally have a timer to also stop the attack and go dormant
awaiting instructions from its master ? or do they continue to send
those packets forever ?

If the attack is made using perfectly formed, legitimate DNS packlets
(or HTTP requests or whetever), can temporary mitigation measures
continue forever even if they block legitimate requests ?

Or is it general practioce for hackers to have short duration attacks to
reduce the time available to track them down ? (similar to old movies
where one had to hangup before the 2 minutes it took for police to trace
a phone call).

More information about the NANOG mailing list