You would have to ask Lumen. But they likely have pattern recognition techniques that work, or people wouldn’t be widely reporting successful relief. It’s not just Lumen. There are several DDoS filtering services available. So it boils down to a cost of doing business as an ISP. -mel beckman
On Jan 16, 2026, at 8:18 AM, Marco Moock via NANOG <nanog@lists.nanog.org> wrote:
Am 16.01.2026 um 16:12:43 Uhr schrieb Mel Beckman via NANOG:
One way to do this is via DDoS filtering services like Lumen’s Lotus Defender. These have been effective at disrupting the botnet's infrastructure by filtering the low-volume inbound control channel. Yes, such services are not free, but the problem on your network is due to your customers, not anybody else’s. It is your customers’ android IoT devices that are compromised.
How does this work if the devices use TOR to contact their command and control server?
-- Gruß Marco
Send unsolicited bulk mail to 1768576363muell@cartoonies.org _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/SIUGXVHC... <mime-attachment>