| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by motohagiography 1888 days ago
	If that were true, depending on path inforation, any botnet or other traffic destined to those networks would end up in this new AS8003 traffic sink, which would create a map of candidate CCP assets to target on the internet. You could do the same with any AS. I haven't looked into bgp spoofing since about '99, but it seems to have matured since then. The idea of using it as ephemeral canary/honeynet space for tracking botnet C&C traffic seems like a reasonable play.

1 comments

xwolfi 1888 days ago

But the internet is not just CCP vs Captain America. I mean my home network has random ips and a shit network admin, so I will also send crap data to the DOD, from Hong Kong.

You imagine the work to figure out if my tcp heartbeats between my torrent server and my nginx proxy are CCP botnets or me misconfiguring my router ? From the same place kinda ? And you imagine the amount of people we are in China that are doing shit networking but not CCP-relevant things ?

And the amount of botnets we have in China that are to scam each other that even the CCP doesn't want ? :D

link

Forbo 1888 days ago

I once had a client who decided to use an IP block that was registered to APNIC for their internal network. Made for quite the headache as I tried to track down why there was a ton of traffic supposedly going to China and Japan. -__-

link

ufmace 1888 days ago

Yeah, that's why the stated explanation sounds weird.

Suddenly advertise this never-used block, and you're just going to get a massive torrent of previously-internal traffic from bazillions of organizations all over the planet that used it for something internal and were slightly lazy and didn't set up their routing quite right. Probably 99.9% of it is of no use whatsoever to anyone outside that org. It's tough to imagine that anyone thought they'd get any useful information on any hostile CCP activity by doing this.

I would also expect that any department doing hostile things on the net would be at least smart enough to not let any of their internal traffic leak out like that, no matter who they actually worked for.

link