[122953] in North American Network Operators' Group
Re: Security Guideance
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Feb 23 19:21:31 2010
Date: Wed, 24 Feb 2010 02:20:31 +0200
From: Gadi Evron <ge@linuxbox.org>
To: nanog@nanog.org
In-Reply-To: <C0A98BB6DAFAAB46A78BBA2C51B98F3EF94ABC@nexus.nexicomgroup.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/23/10 9:46 PM, Paul Stewart wrote:
> Hi folks...
>
> We have a strange series of events going on in the past while.... Brief
> history here, looking for input from the community - especially some of
> the security folks on here.
If you can't discover the malware using methods available to you, are
you able to provide us with a packet dump of the DoS? Might help us
pinpoint the relevant botnet and/or bot.

As to web server botnets, you may be interested in this 2007 article
from me on the subject:
http://gadievron.com/publications/GadiEvron_VBFeb07.pdf

Good luck,
Gadi.
--
Gadi Evron,
ge@linuxbox.org.
Blog: http://gevron.livejournal.com/