nanog mailing list archives
Re: zotob C&C servers
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 15 Aug 2005 22:00:20 +0200
Michael Grinnell wrote:
We haven't seen it yet on our network, but I was hoping somebody might have a text dump or packet capture of the C&C traffic that they would be willing to send me so I can tune our IDS to recognize it. I already have exploit rules loaded, just wanted to see if the C&C traffic varied significantly from the (relatively) standard *bot variety.
Hi. Any IRC JOIN sig will do, channel is: #niggah Gadi.
Current thread:
- zotob C&C servers Gadi Evron (Aug 15)
- Re: zotob C&C servers Michael Grinnell (Aug 15)
- Re: zotob C&C servers Gadi Evron (Aug 15)
- Re: zotob C&C servers Gadi Evron (Aug 15)
- Re: zotob C&C servers Michael Grinnell (Aug 15)