> Command and control, of what? The ramp instances?
That's what I was thinking. But I'm just guessing without having downloaded the package.
> Why would they need that?
It's hard to know the motivations behind the person who wrote the Pastebin, but if you were to go to all the trouble to amass an army of bots with the capability of sending arbitrary packets with forged source IPs, wouldn't you want to retain some degree of control over it?
> And if the actual attack is direct, how will they escape the ISP's filters? According to The Spoofer Project[1], no ISP lets you spoof packets with IPs outside of at least the same /8 subnet. Can you even get a consumer connection with an IP in those subnets?
(Thank you for that fascinating link BTW.)
I dunno, the same thought occurred to me too.
Note that they encourage the use of "VPNs", though they don't specify to where. Maybe "VPN" to their audience is expected to represent some sort of anonymizing service (e.g. for illicit filesharing) that typically terminates at a backend datacenter which might not have effective egress filtering.
That's what I was thinking. But I'm just guessing without having downloaded the package.
> Why would they need that?
It's hard to know the motivations behind the person who wrote the Pastebin, but if you were to go to all the trouble to amass an army of bots with the capability of sending arbitrary packets with forged source IPs, wouldn't you want to retain some degree of control over it?
> And if the actual attack is direct, how will they escape the ISP's filters? According to The Spoofer Project[1], no ISP lets you spoof packets with IPs outside of at least the same /8 subnet. Can you even get a consumer connection with an IP in those subnets?
(Thank you for that fascinating link BTW.)
I dunno, the same thought occurred to me too.
Note that they encourage the use of "VPNs", though they don't specify to where. Maybe "VPN" to their audience is expected to represent some sort of anonymizing service (e.g. for illicit filesharing) that typically terminates at a backend datacenter which might not have effective egress filtering.
Again, just speculating.