<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Good tips, Mary Lou! <div class=""><br class=""></div><div class="">Do you think there's potentially any good intentions behind the advice to leave the traffic up?<br class=""><div class=""><br class=""></div><div class="">In the cybersecurity space, authorities will say that if your network has been compromised, you shouldn't immediately shutdown the hacked systems. For example, just this past September, this Joint Cybersecurity Advisory (AA20-245A) from the US and a few other governments...</div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><a href="https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf" class="">https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf</a></div></blockquote><div class=""><br class=""></div><div class=""><i class="">Under actions to avoid: </i></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><i class="">"Mitigating the affected systems before responders can protect and recover data </i></div><div class=""><i class=""> - This can cause the loss of volatile data such as memory and other host-based artifacts.</i></div><div class=""><i class=""> - The adversary may notice and change their tactics, techniques, and procedures."</i></div></blockquote><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class=""><br class=""><div class="">
<meta charset="UTF-8" class=""><div><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div><div class=""><font class=""><span class="" style="color: rgb(0, 68, 121); font-size: 9px; font-family: Helvetica;"><font face="Arial Black" class="" style="line-height: normal;"><b class="">Mark R Lindsey, SMTS</b></font></span><span class="" style="font-size: 9px; font-family: "Arial Black";"><span class="" style="font-size: 13px;"><font color="#794800" class=""> <span class="" style="font-size: 16px;">|</span> </font></span></span><span class="" style="color: rgb(0, 68, 121); font-size: 9px; font-family: "Arial Black";">+1-229-316-0013</span><font color="#794800" class=""><span class="" style="font-size: 9px; font-family: "Arial Black";"><span class="" style="font-size: 13px;"> </span></span><span class="" style="font-size: 9px; font-family: "Arial Black";"><span class="" style="font-size: 13px;"><span class="" style="font-size: 16px;">|</span></span></span><span class="" style="font-size: 9px; font-family: "Arial Black";"><span class="" style="font-size: 13px;"> </span></span></font><span class="" style="font-size: 9px; font-family: "Arial Black";"><font color="#004479" class=""><a href="mailto:mark@ecg.co" class="">mark@ecg.co</a></font><span class="" style="font-size: 13px;"><font color="#794800" class=""> </font></span></span><span class="" style="font-size: 9px; font-family: "Arial Black";"><span class="" style="font-size: 13px;"><span class="" style="font-size: 16px;"><font color="#794800" class="">|</font></span></span></span><font face="Arial Black" class=""><span class="" style="font-size: 9px;"><b class=""><font color="#794800" class=""> </font><font color="#004479" style="color: rgb(0, 68, 121);" class=""><a href="https://ecg.co/lindsey/" class="" style="color: rgb(0, 68, 121);">https://ecg.co/lindsey/</a></font></b></span></font></font></div><div class=""><br class=""></div><div class=""><br class=""></div></div></div></div></div></div></div></div></div></div></div></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline">
</div>

<div><br class=""><blockquote type="cite" class=""><div class="">On May 26, 2021, at 3:38 PM, Mary Lou Carey <<a href="mailto:marylou@backuptelecom.com" class="">marylou@backuptelecom.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls.<br class=""><br class="">If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question.<br class=""><br class="">Be safe out there.....it's getting crazy!<br class=""><br class="">MARY LOU CAREY<br class="">BackUP Telecom Consulting<br class="">Office: 615-791-9969<br class="">Cell: 615-796-1111<br class="">_______________________________________________<br class="">VoiceOps mailing list<br class=""><a href="mailto:VoiceOps@voiceops.org" class="">VoiceOps@voiceops.org</a><br class="">https://puck.nether.net/mailman/listinfo/voiceops<br class=""></div></div></blockquote></div><br class=""></div></div></div></body></html>