On Sat, Jan 17, 2026 at 10:13 PM Mel Beckman <[email protected]> wrote:
> Alas, those days are over. You probably already know this, but in case others
> don’t, the problem with the AISURU is that home users’ infected devices don’t
> do scanning, so you can’t detect them. They simply send DDoS packets — which
> just look like normal traffic — against pre-defined targets communicated over
> the botnet C2 network.

Hi Mel,

From what I gather, modern botnets provide the attacker with a Swiss
Army knife of capabilities including the one you mention. If your
purpose is to detect them rather than automate filtering, you don't
have to catch them doing everything, you only have to catch them doing
one thing.

Look at it this way: the attacker has to hide _everything_ he does
from you. You only have to catch _one_ thing he does to detect that
intrusion.

It's the reverse of the normal pattern where the attacker can
infiltrate a system by succeeding once while the defender has to
succeed every time to keep him out.

Regards,
Bill Herrin


-- 
For hire. https://bill.herrin.us/resume/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/[email protected]/message/Z24OZH2GYCMP6G4Z33H7FQFFI4WKB2SW/