The APNIC blog has a guest post that explains quite a few operational details about the inner workings of the Mirai botnet components.
APNIC blog wrote:
Do C2 master and bot have heartbeat communication?
Yes. The heartbeat will involve sending and receiving the same 2 bytes of data (content is 0x0000). The interval time is about 60 seconds and the maximum timeout is 180 seconds.
Maybe having an IDS is not such a bad idea...
APNIC blog wrote:
What are the characteristics in GRE IP/ETH flood?
GRE ETH flood adds a custom ETH layer then GRE IP flood; the ETH layer is randomly filled. The destination IP in the packet is also randomly filled if it is not specified in the command.
I remember that one puzzling quite a few people when they first noticed that kind of traffic...
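The heartbeat quoted above (the same 2 bytes, 0x0000, sent and echoed about every 60 seconds) is the kind of pattern an IDS rule can key on. The following is an added example, not code from the APNIC post or from Mirai: a Python sketch that flags such sessions in payload records. The record layout, the jitter tolerance, the echo window, the minimum beat count and all addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

HEARTBEAT = b"\x00\x00"  # heartbeat content per the quoted post
INTERVAL = 60.0          # "about 60 seconds" per the quoted post
TOLERANCE = 15.0         # assumption: accepted jitter around the interval
ECHO_WINDOW = 5.0        # assumption: max delay before the peer echoes
MIN_BEATS = 3            # assumption: echoed beats required before flagging


def make_beats(src, dst, starts, echo=True):
    """Build constructed (timestamp, src, dst, tcp_payload) sample records."""
    out = []
    for t in starts:
        out.append((t, src, dst, HEARTBEAT))
        if echo:
            out.append((t + 0.2, dst, src, HEARTBEAT))
    return out


# Constructed sample traffic using documentation address ranges.
SAMPLE = (
    make_beats("192.0.2.10", "198.51.100.7", [0.0, 60.4, 119.8, 180.1])
    + make_beats("192.0.2.30", "203.0.113.9", [5.0, 65.0, 125.0], echo=False)
    + make_beats("192.0.2.20", "203.0.113.5", [10.0])
    + [(12.0, "192.0.2.20", "203.0.113.5", b"GET / HTTP/1.1\r\n")]
)


def find_heartbeat_sessions(records):
    """Return sorted (initiator, peer) pairs with a periodic, echoed 0x0000 beat."""
    sent = defaultdict(list)  # (src, dst) -> timestamps of exact 2-byte 0x0000 payloads
    for ts, src, dst, payload in sorted(records, key=lambda r: r[0]):
        if payload == HEARTBEAT:
            sent[(src, dst)].append(ts)
    flagged = []
    for (src, dst), times in sent.items():
        replies = sent.get((dst, src), [])
        # Keep only beats that the peer echoed back shortly afterwards.
        beats = [t for t in times if any(0 <= r - t <= ECHO_WINDOW for r in replies)]
        gaps = [b - a for a, b in zip(beats, beats[1:])]
        if len(beats) >= MIN_BEATS and all(abs(g - INTERVAL) <= TOLERANCE for g in gaps):
            flagged.append((src, dst))
    return sorted(flagged)


if __name__ == "__main__":
    for initiator, peer in find_heartbeat_sessions(SAMPLE):
        print(f"possible heartbeat session: {initiator} -> {peer}")
```

Only the side that starts each beat is reported, since the echoing peer's packets are never followed by a reply inside the echo window.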