To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
Please forgive the newbie question - I'll try to make it my only one :^)
A couple of PCs here are trying to get to IRC servers on TCP port 8080. The traffic is blocked and logged by our firewalls, so is no immediate threat in itself. The destination addresses are not associated with any known malware (or weren't last time I looked), so I can't be absolutely certain that the IRC boxes are controllers (though it's difficult to think of an innocent reason for putting IRC servers on 8080 or for a PC trying the same addresses repeatedly 24 hours a day!).
What is the etiquette in such a case? Should I report the IRC servers to the site administrator(s)? Should I report the addresses here (or elsewhere) even though I'm not certain that they are bot-related?
Unfortunately my organisation only provides network services to our client, so I cannot produce any useful evidence from the PCs themselves, and their IT dept has neither the time nor the skills to extract any such evidence - if they do anything at all, it'll probably be a re-installation.
Thanks.
Regards,
Dave
***Disclaimer****
This e-mail and any attachments may contain confidential and/or privileged material; it is for the intended addressee(s) only. If you are not a named addressee, you must not use, retain or disclose such information.
Serco cannot guarantee that the e-mail or any attachments are free from viruses.
The views expressed in this e-mail are those of the originator and do not necessarily represent the views of Serco.
Nothing in this e-mail shall bind Serco in any contract or obligation.
Serco Group plc. Registered in England and Wales. No: 2048608
Registered Office: Serco House, 16 Bartley Wood Business Park, Bartley Way, Hook, Hampshire, RG27 9UY, United Kingdom.
_______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
