> How does this work if the devices use TOR to contact their command and
> control server?

The most detailed analysis I have seen makes no mention of C2s comms via TOR. If you have a reference that it does, can you share?

On Fri, Jan 16, 2026 at 11:18 AM Marco Moock via NANOG <[email protected]> wrote:

> On 16.01.2026 at 16:12:43, Mel Beckman via NANOG wrote:
>
> > One way to do this is via DDoS filtering services like Lumen’s Lotus
> > Defender. These have been effective at disrupting the botnet's
> > infrastructure by filtering the low-volume inbound control channel.
> > Yes, such services are not free, but the problem on your network is
> > due to your customers, not anybody else’s. It is your customers’
> > Android IoT devices that are compromised.
>
> How does this work if the devices use TOR to contact their command and
> control server?
>
> --
> Regards
> Marco
>
> Send unsolicited bulk mail to [email protected]
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/[email protected]/message/SIUGXVHCN74O2H4PGCVHOBU6TFVMUUF6/

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/TKCEPDNYOH6A6XI45AHWVW5S676NBIXN/
