Hello, I love seeing these old school descriptions of overflows and device
compromise. Reminds me when I was doing SOC work for another company. Thank you
and know some of us older guys and gals enjoy this immensely.

Sincerely,
Richard Golodner
[email protected]

-------- Original message --------
From: Intergalactic Auditor via NANOG <[email protected]>
Date: 1/17/26 10:45 (GMT-06:00)
To: North American Network Operators Group <[email protected]>
Cc: Marco Moock <[email protected]>, Intergalactic Auditor <[email protected]>
Subject: Re: ISP Operators AISURU/Kimwolf botnet

Why use tor when you can ride the carriers wave?

This report is an example:
https://github.com/0verdu/Stepped-On_Silicon/blob/main/infrastructure/tmobile_usa.md

Tor isn’t even in the picture. The setup bypasses the MVNO layer entirely and hits
the MNO core to tunnel into private AWS space (172.31.35.241).

When the C2 is integrated into the IMS core and uses a system-level NEVPN, it’s
invisible to the user.

-------- Original Message --------
On Friday, 01/16/26 at 11:35 Tom Beecher via NANOG <[email protected]> wrote:

> How does this work if the devices use TOR to contact their command and
> control server?

The most detailed analysis I have seen makes no mention of C2s comms via
TOR.  If you have a reference that it does, can you share?

On Fri, Jan 16, 2026 at 11:18 AM Marco Moock via NANOG <[email protected]> wrote:

> On 16.01.2026 at 16:12:43, Mel Beckman via NANOG wrote:
>
> > One way to do this is via DDoS filtering services like Lumen’s Lotus
> > Defender. These have been effective at disrupting the botnet's
> > infrastructure by filtering the low-volume inbound control channel.
> > Yes, such services are not free, but the problem on your network is
> > due to your customers, not anybody else’s.  It is your customers’
> > android IoT devices that are compromised.
>
> How does this work if the devices use TOR to contact their command and
> control server?
>
> --
> Regards
> Marco
>
> Send unsolicited bulk mail to [email protected]
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/[email protected]/message/SIUGXVHCN74O2H4PGCVHOBU6TFVMUUF6/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/TKCEPDNYOH6A6XI45AHWVW5S676NBIXN/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/AJEL3YS3DZCRIWPGXDNCIEEJX2TY2I45/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/[email protected]/message/3P3IEZLN4BHJZCEAJTB5LNU23H4ZMXSG/
