*nods* Not only cleaning up the infections, but also implementing BCP 38 and 84 to keep things you miss from leaking. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Seth David Schoen" <schoen@loyalty.org> To: "Joe Greco" <jgreco@ns.sol.net> Cc: "North American Network Operators Group" <nanog@nanog.org> Sent: Thursday, February 24, 2022 7:59:08 PM Subject: Re: Russian aligned ASNs? I also imagine (without data) that most DoS attacks continue to be performed by botnets, using other people's connections, rather than directly by their ultimate perpetrators. So, the most effective and meaningful mitigation would be trying to clean up bots, and prevent ongoing bot infections, rather than cutting off suspected or actual perpetrators. I realize that's much easier said than done!