Peace,

On Tue, Jan 28, 2020, 4:02 AM Damian Menscher via NANOG <nanog@nanog.org> wrote:
> The victim already posted the signature to this thread:
>   - source IP: 51.81.119.7
>   - protocol: 6 (tcp)
>   - tcp_flags: 2 (syn)
>
> That alone is sufficient for Level3/CenturyLink/etc to identify the source of this abuse and apply filters, if they choose.

If this endpoint doesn't connect to anything outside of their network, then yes.

If it does, though, the design of the filter might become more complicated.

If the OP posted their IPv4 addresses and networks to the list, it could've been easier, though (however, the concerns about the administrative processing procedures outlined before still apply).

--
Töma