VPN-enabled advance fee fraud

Grant Taylor gtaylor at tnetconsulting.net
Mon Mar 21 19:37:15 UTC 2022

On 3/21/22 12:56 PM, Jay Hennigan wrote:
> If their intent is not to have data available for analysis, and it sure 
> sounds like it is, they aren't going to log flows or netstat. Data will 
> be in RAM during the TCP session, then poof.

I largely agree regarding persistent storage.

However, that doesn't preclude netstat / ss / tcpdump and the like.

There has to be /something/ correlating incoming and outgoing /active/ / 
/ongoing/ connections.

I don't see anything speaking to that real-time data in their comments 
about architecture.

Grant. . . .
unix || die


More information about the NANOG mailing list