VPN-enabled advance fee fraud
Grant Taylor
gtaylor at tnetconsulting.net
Mon Mar 21 19:37:15 UTC 2022
On 3/21/22 12:56 PM, Jay Hennigan wrote:
> If their intent is not to have data available for analysis, and it sure
> sounds like it is, they aren't going to log flows or netstat. Data will
> be in RAM during the TCP session, then poof.
I largely agree regarding persistent storage.
However, that doesn't preclude netstat / ss / tcpdump and the like.
There has to be /something/ correlating incoming and outgoing /active/ /
/ongoing/ connections.
I don't see anything speaking to that real-time data in their comments
about architecture.
--
Grant. . . .
unix || die
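
An added illustration of the real-time state discussed in this message (not part of the original post, and not a description of any provider's actual setup). It assumes a Linux VPN endpoint that source-NATs tunnel clients through netfilter, whose in-RAM connection-tracking table, in the format `conntrack -L` prints, ties each tunnel-side flow to its egress flow while the entry is live. The addresses, sample table and helper names are constructed.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the format printed by `conntrack -L`: each entry holds
# the original tuple (tunnel side) followed by the reply tuple (egress side).
SAMPLE = """\
tcp      6 431987 ESTABLISHED src=10.8.0.2 dst=198.51.100.25 sport=51514 dport=443 src=198.51.100.25 dst=203.0.113.5 sport=443 dport=51514 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=10.8.0.7 dst=198.51.100.25 sport=40022 dport=443 src=198.51.100.25 dst=203.0.113.5 sport=443 dport=1024 [ASSURED] mark=0 use=1
udp      17 28 src=10.8.0.2 dst=192.0.2.53 sport=38211 dport=53 [UNREPLIED] src=192.0.2.53 dst=203.0.113.5 sport=53 dport=38211 mark=0 use=1
"""

class Flow(NamedTuple):
    proto: str
    state: str      # TCP state, or "" for protocols that have none
    client: tuple   # (ip, port) inside the tunnel
    egress: tuple   # (ip, port) the remote site sees as the source
    remote: tuple   # (ip, port) of the destination

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_line(line: str) -> Optional[Flow]:
    """Parse one conntrack entry; None if it is not a port-based flow."""
    fields = line.split()
    kv = _KV.findall(line)
    if len(fields) < 4 or len(kv) < 8:
        return None  # e.g. ICMP (no ports) or a truncated line
    orig, reply = dict(kv[:4]), dict(kv[4:8])
    state = fields[3] if "=" not in fields[3] else ""
    return Flow(fields[0], state,
                (orig["src"], int(orig["sport"])),
                (reply["dst"], int(reply["dport"])),  # post-NAT source
                (orig["dst"], int(orig["dport"])))

def who_was(table: str, proto: str, egress: tuple, remote: tuple) -> list:
    """Tunnel clients whose live entry matches what the remote site observed."""
    flows = filter(None, map(parse_line, table.splitlines()))
    return [f.client for f in flows
            if (f.proto, f.egress, f.remote) == (proto, egress, remote)]

if __name__ == "__main__":
    # The remote site saw 203.0.113.5:1024 -> 198.51.100.25:443 over TCP.
    print(who_was(SAMPLE, "tcp", ("203.0.113.5", 1024), ("198.51.100.25", 443)))
```

The lookup only answers while the entry exists; once the kernel expires it, the same query returns an empty list, which is the "then poof" case from the quoted text.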