[83437] in North American Network Operators' Group


Re: zotob C&C servers

daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Aug 15 15:04:15 2005

Date: Mon, 15 Aug 2005 22:00:20 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Michael Grinnell <grinnell@american.edu>
Cc: nanog list <nanog@merit.edu>
In-Reply-To: <C2CFE28E-41A4-4CBF-B15E-37C7960D5964@american.edu>
Errors-To: owner-nanog@merit.edu


Michael Grinnell wrote:
> 
> We haven't seen it yet on our network, but I was hoping somebody might
> have a text dump or packet capture of the C&C traffic that they would
> be willing to send me so I can tune our IDS to recognize it. I
> already have exploit rules loaded, just wanted to see if the C&C
> traffic varied significantly from the (relatively) standard *bot variety.

Hi.

Any IRC JOIN sig will do, channel is: #niggah

	Gadi.
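
An added example, not part of the original message: a minimal IRC JOIN matcher of the kind the reply refers to, parsing each line as an IRC message so that only a real JOIN command counts. The function name, the sample payload and the channel `#example-cnc` are constructed for illustration; the watchlist would hold the channel named above.

```python
import re

# IRC message format (RFC 1459): optional ":prefix ", a command, then parameters.
_IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) +)?(?P<cmd>[A-Za-z]+)(?: +(?P<params>.*))?$"
)

def find_irc_joins(payload: bytes, watchlist=()):
    """Return (channel, on_watchlist) for every JOIN command in a TCP payload."""
    watched = {c.lower() for c in watchlist}  # channel names compare case-insensitively
    hits = []
    for line in re.split(r"\r?\n", payload.decode("latin-1")):
        m = _IRC_LINE.match(line.strip())
        if not m or m.group("cmd").upper() != "JOIN" or not m.group("params"):
            continue
        # First parameter is a comma-separated channel list; a second one holds keys.
        # The server-side echo of a JOIN carries the channel as ":#chan".
        chans = m.group("params").split()[0].lstrip(":")
        for chan in chans.split(","):
            if chan and chan[0] in "#&":
                hits.append((chan, chan.lower() in watched))
    return hits

# Constructed sample: a client registering and joining, the server echo of the
# JOIN, and a PRIVMSG whose text contains "JOIN #..." (must not be reported).
SAMPLE = (
    b"NICK bot-1234\r\n"
    b"USER x 0 * :x\r\n"
    b"JOIN #Example-CNC secretkey\r\n"
    b":bot-1234!x@host.example JOIN :#example-cnc\r\n"
    b"PRIVMSG #example-cnc :please JOIN #other\r\n"
)

if __name__ == "__main__":
    for chan, watched in find_irc_joins(SAMPLE, ["#example-cnc"]):
        print(("ALERT " if watched else "info  ") + "IRC JOIN " + chan)
```

Matching on payload content rather than on port 6667 keeps the check useful when the IRC session runs on a non-standard port.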
