Thanks, the only thing is that these, like most, websites are very vague about the mechanics behind the infiltration. Thus the reason why I asked about finding some source code/example code. Its pretty nice that these folks (symantics/trend) offer free help regarding these items, but the facts (TCP/UDP ports, DNS poisioning methods) are buried doesn't help much. Perhaps I am missing something though.
Regards > -----Original Message----- > From: Barry Raveendran Greene [mailto:bgre...@senki.org] > Sent: Sunday, March 29, 2009 7:48 PM > To: 'Joe Blanchard'; nanog@nanog.org > Subject: RE: The Confiker Virus.