To report a botnet PRIVATELY please email: [EMAIL PROTECTED]

----------

Thanks for your post, Brian. I've seen the same activity from several of our subnets (dorms, computer labs) and didn't know whether it was legitimate or not. I never saw anything malicious come of it, but it was one of those unresolved "mysteries." But your post and follow-up answered my questions. :)

Monica

[EMAIL PROTECTED] wrote:
> Message: 1
> Date: Wed, 15 Mar 2006 09:05:22 -0600
> From: "Brian Allen" <[EMAIL PROTECTED]>
> Subject: Re: [botnets] botnet info
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> It does certainly appear to be legitimate traffic to a Korean Instant
> messaging service at nate.com, so I am just trying to contact some of
> the students in question to verify that is what they are doing. Since
> it is spring break here on campus it has been difficult to track them
> down. I expect them to verify this is legit, but if not, I will post a
> follow-up to this list.
>
> A couple things threw me off like the NICKs which were random strings of
> numbers like a bot, and our IDS alerted on this spike of IRC traffic in
> the middle of a semester, not unlike when we got hit with an omgitskp
> wave of infections. I hate to post erroneous info and waste people's
> time, but I'm glad this list is available so I could get feedback in a
> hurry.
>
> Thanks,
> -Brian
>
> -----Original Message-----
> From: Steven [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 15, 2006 6:03 AM
> To: John Draper
> Cc: Brian Allen; [email protected]
> Subject: Re: [botnets] botnet info
>
> Well apparently according to the post by Seth Hall -- these are
> legitimate servers used for a Korean chat service.
> There's a few games, chat services, and other things that also rely on
> IRC based commands. With the number of servers in a row here I wouldn't
> be surprised if he is correct and that is what it is being used for.
> Perhaps Brian can packet capture a little more and make sure there
> aren't any suspicious commands being issued to them.
>
> Steven

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
