On Fri, Jan 23, 2009 at 10:31 PM, <valdis.kletni...@vt.edu> wrote: > On Fri, 23 Jan 2009 18:33:14 PST, Seth Mattinen said: > >> Back to my original question: is there really not a better solution? > > Well, we *could* hunt down the perpetrators, pool some $$, and hire 3 or 4 > baseball-bat wielding professional explainers to go explain our position to > them. Figuring out how to do so without breaking any laws is the tough > part...
Step one, find a device on your netowrk seeing the traffic step two, follow the stream(s) of traffic back to its ingress (hopefully a customer link on your network) step three, watch for associated traffic to the source of the dns queries, correlate this with other sources on your network to find/identify the control point for this effort. -chris