Is this an indication of a prefix that was hijacked?
Sent from my iPhone
On Oct 14, 2019, at 9:19 AM, Ben Cannon <ben@6by7.net> wrote:
I believe we have found 1 customer that is infected with a botnet or malware. His public IP address during speedtest or similar actually shows a Chinese IP address. We are contacting him to try to get that resolved and then put in a request to all the geolocation databases to update their information. It's still weird to me that a single customer out of around 120 can cause this many issues and change the geolocation databases.
Thanks
Travis
-----Original Message-----
Is this an indication of a prefix that was hijacked?
Sent from my iPhone
On Oct 14, 2019, at 9:19 AM, Ben Cannon <ben@6by7.net> wrote:
> I believe we have found 1 customer that is infected with a botnet or malware.
I've dealt with plenty of botnets working as a repair technician in the past but never had one change the public IP address of the user. Not entirely sure what this would accomplish aside from making it much easier to detect.
On Wed, 16 Oct 2019 12:50:17 -0000, Ryland Kremeier said:
> > I believe we have found 1 customer that is infected with a botnet or malware.
> I've dealt with plenty of botnets working as a repair technician in the past but never had one change the public IP address of the user. Not entirely sure what this would accomplish aside from making it much easier to detect.
To detect that somebody isn't doing BCP38 filtering of their customers, you mean? :)
participants (4)
- Paul Farag
- Ryland Kremeier
- Travis Garrison
- Valdis Klētnieks