To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Packet Trace?
If you can fetch enough packet data, perhaps you can identify what it's trying to do based on signatures. -Dan [EMAIL PROTECTED] wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > > ------------------------------------------------------------------------ > > > Please forgive the newbie question - I'll try to make it my only one :^) > > A couple of PCs here are trying to get to IRC servers on TCP port 8080. > The traffic is blocked and logged by our firewalls, so is no immediate > threat in itself. The destination addresses are not associated with any > known malware (or weren't last time I looked), so I can't be absolutely > certain that the IRC boxes are controllers (though it's difficult to > think of an innocent reason for putting IRC servers on 8080 or for a PC > trying the same addresses repeatedly 24 hours a day!). > > What is the etiquette in such a case? Should I report the IRC servers to > the site administrator(s)? Should I report the addresses here (or > elsewhere) even though I'm not certain that they are bot-related? > > Unfortunately my organisation only provides network services to our > client, so I cannot produce any useful evidence from the PCs themselves, > and their IT dept has neither the time nor the skills to extract any > such evidence - if they do anything at all, it'll probably be a > re-installation. > > Thanks. > > Regards, > > Dave > > > ***Disclaimer**** > This e-mail and any attachments may contain confidential and/or > privileged material; it is for the intended addressee(s) only. If you > are not a named addressee, you must not use, retain or disclose such > information. > Serco cannot guarantee that the e-mail or any attachments are free from > viruses. > The views expressed in this e-mail are those of the originator and do > not necessarily represent the views of Serco. > Nothing in this e-mail shall bind Serco in any contract or obligation. > Serco Group plc. Registered in England and Wales. No: 2048608 > Registered Office: Serco House, 16 Bartley Wood Business Park, Bartley > Way, Hook, Hampshire, RG27 9UY, United Kingdom. > > > ------------------------------------------------------------------------ > > _______________________________________________ > botnets mailing list > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
