22 Oct 2016, 2:21 p.m.
Mike,

On October 22, 2016 at 8:09:34 AM, Mike Hammett (nanog@ics-il.net) wrote:

> How can I as a network operator seek out and eliminate the sources of these attacks?

Maybe (not sure) one way would be to examine your resolver query logs to look for queries for names that fit domain generation algorithm patterns, then track down the customers/devices that are issuing those queries and politely suggest they remove the malware on their systems?

Regards,
-drc
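One way to run the resolver-log check suggested in the reply above, as an added example that is not part of the original message. It assumes BIND-style query log lines, substitutes a crude entropy and vowel-ratio heuristic (thresholds are assumptions) for a real DGA classifier, and runs over constructed sample lines.

```python
import math
import re
from collections import Counter, defaultdict

# Assumed BIND-style querylog layout: client <ip>#<port> (<name>): query: ...
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): query:")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def looks_generated(qname, min_len=12, min_entropy=3.5, max_vowel_ratio=0.3):
    """Crude heuristic (assumed thresholds): long, high-entropy, vowel-poor label."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or len(labels[-2]) < min_len:
        return False
    label = labels[-2]  # label left of the TLD; assumes a single-label suffix
    vowel_ratio = sum(c in "aeiou" for c in label) / len(label)
    return entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def suspicious_clients(lines, min_names=3):
    """Client IP -> sorted distinct generated-looking names, if at least min_names."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and looks_generated(m.group("qname")):
            seen[m.group("ip")].add(m.group("qname").lower())
    return {ip: sorted(names) for ip, names in seen.items() if len(names) >= min_names}

# Constructed sample lines: RFC 5737 addresses and made-up names.
TEMPLATE = ("22-Oct-2016 08:09:34.101 queries: info: client {ip}#53211 ({q}): "
            "query: {q} IN A +E (192.0.2.1)")
SAMPLE_LOG = [TEMPLATE.format(ip=ip, q=q) for ip, q in [
    ("192.0.2.10", "xkqzjwpfhtrbvnml.com"),
    ("192.0.2.10", "q7w3zk9xv2bn5tdp.net"),
    ("192.0.2.10", "hgtrwzqkpbnmxcvd.org"),
    ("192.0.2.10", "xkqzjwpfhtrbvnml.com"),           # repeat, counted once
    ("192.0.2.20", "www.example.com"),                # short label
    ("192.0.2.20", "thisisalonglegitimatename.com"),  # long but vowel-rich
    ("192.0.2.30", "d3kx9zqw7plm2vbt.net"),           # one hit, below min_names
]]

if __name__ == "__main__":
    for ip, names in suspicious_clients(SAMPLE_LOG).items():
        print(ip, names)
```

Requiring several distinct hits per client keeps a single hash-like hostname, such as a CDN name, from flagging a customer.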