On Fri, Jan 16, 2026 at 5:31 AM Corey Smith via NANOG <nanog@lists.nanog.org> wrote:
I would appreciate if any ISP Operators could help some of the smaller ISP like us in stopping the traffic from these new Malware infected customers that have devices with Aisiura/Kimwolf botnet,
I don't know anything about the AISURU/Kimwolf botnet, but back in the day I'd point my default route at an IDS where I could monitor and log port scans sent from customers to unrouted IP address space. This worked because it was adjacent to a router with a full BGP table. This told me which customers had malware, and when contacted it let me say, "We recorded at least X hundred thousand unlawful network packets from your computers between date and date. If you're willing to turn things off one by one, we can help you identify which of your devices is at fault, but if you're unable to repair it yourself you'll have to seek assistance from a repair shop." And if it's equipment I sent the customers, I'd figure that out pretty quickly because it would have hit most of the customers I sent that equipment to. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/