VPN-enabled advance fee fraud

• Previous message (by thread): VPN-enabled advance fee fraud
• Next message (by thread): VPN-enabled advance fee fraud
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/21/22 12:56 PM, Jay Hennigan wrote:
> If their intent is not to have data available for analysis, and it sure 
> sounds like it is, they aren't going to log flows or netstat. Data will 
> be in RAM during the TCP session, then poof.

I largely agree regarding persistent storage.

However, that doesn't preclude netstat / ss / tcpdump and the likes.

There has to be /something/ correlating incoming and outgoing /active/ / 
/ongoing/ connections.

I don't see anything speaking to that real-time data in their comments 
about architecture.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220321/444e38e7/attachment.bin>

• Previous message (by thread): VPN-enabled advance fee fraud
• Next message (by thread): VPN-enabled advance fee fraud
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]