[60331] in North American Network Operators' Group
Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
daemon@ATHENA.MIT.EDU (Jan Czmok)
Wed Aug 6 14:37:53 2003
Date: Wed, 6 Aug 2003 20:34:34 +0200
From: Jan Czmok <jan.czmok@gatel.net>
To: Pascal Gloor <pascal.gloor@spale.com>
Cc: neal rauhauser 402-301-9555 <neal@lists.rauhauser.net>,
Drew Weaver <drew.weaver@thenap.com>, nanog@merit.edu
In-Reply-To: <001801c35c39$cb8a36f0$0300000a@spale>
Errors-To: owner-nanog-outgoing@merit.edu
Pascal Gloor (pascal.gloor@spale.com) wrote:
>
> > The controlling node for this problem seems to be:
> >
> > spaley spale@le.seul.ircop.a.cul.nu
>
> This is me, and I blocked the channel. I'm part of the Abuse-Exploit Term of
> Undernet and an Undernet Administrator. I am, for sure, not the originator
> of those trojans!
>
Hi Pascal,
Hi Nanog,
i remember that i saw an old cartoon on userfriendly. the 31337 way is:
!SYN 127.0.0.1
let them SYN off their own network and repeat it until it stops.
it does not harm ANY resources, except the infected hosts.
just my .2 cents
--jan
--
Jan Czmok, Network Engineering & Support, Global Access Telecomm, Inc.
Ph.: +49 69 299896-35 - fax: +49 69 299896-40 - sip:13129*522@inoc-dba.pch.net
