> Earlier this year, the Mirai defendants worked with FBI agents in Alaska to counter a new evolution of DDoS, known as Memcache

what the heck?

> The Mirai court documents outline how Dalton, Jha, and White jumped into action in March as the attacks propagated online, working alongside the FBI and the security industry to identify vulnerable servers.

As in, scan every IP for port 11211?

DiabloD3

And scanning every IP for a port is how you trigger automatic abuse reports to whoever owns the IP block, and failure to respond to said abuse reports (and, more importantly, ceasing said abusive behavior) leads to eventually the attacker (the aforementioned government office) having their Internet service ended due to ToS violations.

Not only that, I suspect some ISPs now run 11211 honeypots to capture networks that source such attacks, so eventually the FBI would end up in common RBLs due to their abusive behavior.

In short, I suspect this entire article is bullshit. It is on Wired, after all.

zmapuser

There are many, many institutions preforming global IPv4 scans daily and many tools that allow you to do it[0][1][2]. The trick is to "Be a good citizen", work with a scan friendly host, signal your benevolence, and limit the rate at which you scan. Also smart to black-list DoD networks. If you don't believe me setup a honey pot and open up a popular udp amplification port. Haven't done so myself but I would expect many instances of scanning would be seen everyday.

[0]:https://zmap.io/ [1]:https://github.com/robertdavidgraham/masscan [2]:https://memcachedscan.shadowserver.org/