Question: For something like Mirai and others, there appears to be a timer that starts the attack at a certain day/time (with unknown amount of time to distribute the software to any/all infectable devices prior to attack).
Do these generally have a timer to also stop the attack and go dormant awaiting instructions from its master ? or do they continue to send those packets forever ? If the attack is made using perfectly formed, legitimate DNS packlets (or HTTP requests or whetever), can temporary mitigation measures continue forever even if they block legitimate requests ? Or is it general practioce for hackers to have short duration attacks to reduce the time available to track them down ? (similar to old movies where one had to hangup before the 2 minutes it took for police to trace a phone call).
