To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Sat, 20 Jan 2007, Elia Florio wrote:

> Has anyone noticed a traffic increase on port UDP/4000 (mainly as src
> port) in last 2 days? It seems that the latest spam-run of downloaders
> (dubbed Spam.DAM or TrojanPeacomm) builds a new p2p botnet which
> communicates using this port.

popularly called the "storm worm", new variants are being sent out right this very hour.

i had a look at some internet backbone traffic levels of UDP 4000 last night and didn't see significant amounts. while there are new bursts of traffic, the levels are not very high (a few hundred pps in one ASN i looked at) or sustained.

summary: while we see a lot of these emails, we're not seeing a lot of the p2p traffic activity.

________
jose nazario, ph.d. [EMAIL PROTECTED]
http://monkey.org/~jose/
http://monkey.org/~jose/secnews.html
http://www.wormblog.com/
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
