nanog mailing list archives
Re: VPN-enabled advance fee fraud
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Mon, 21 Mar 2022 13:37:15 -0600
On 3/21/22 12:56 PM, Jay Hennigan wrote:
If their intent is not to have data available for analysis, and it sure sounds like it is, they aren't going to log flows or netstat. Data will be in RAM during the TCP session, then poof.
I largely agree regarding persistent storage. However, that doesn't preclude netstat / ss / tcpdump and the likes. There has to be /something/ correlating incoming and outgoing /active/ / /ongoing/ connections.
I don't see anything speaking to that real-time data in their comments about architecture.
-- Grant. . . . unix || die