To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hello colleagues
Our admins made an interesting discovery today. We have hundreds of client
PC's with same hostname
"philka". Below a little block from dhcpd log file. Did you see something
like this? I doubt all those people
changed computer names in Windows manually.
--
Konstantin Barinov
Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from
00:19:66:17:0d:da (philka) via vlan15
Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da
(philka) via vlan15
Dec 14 00:18:01 victor dhcpd: DHCPREQUEST for 172.17.30.203 from
00:13:d4:0f:d2:89 (philka) via vlan45
Dec 14 00:18:01 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89
(philka) via vlan45
Dec 14 00:18:03 victor dhcpd: DHCPREQUEST for 172.17.30.203 from
00:13:d4:0f:d2:89 (philka) via vlan45
Dec 14 00:18:03 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89
(philka) via vlan45
Dec 14 00:23:50 victor dhcpd: DHCPREQUEST for 172.18.133.113 from
00:40:f4:88:56:94 (philka) via vlan58
Dec 14 00:23:50 victor dhcpd: DHCPACK on 172.18.133.113 to 00:40:f4:88:56:94
(philka) via vlan58
Dec 14 00:24:33 victor dhcpd: DHCPREQUEST for 172.16.60.34 from
00:40:95:32:42:b3 (philka) via vlan17
Dec 14 00:24:33 victor dhcpd: DHCPACK on 172.16.60.34 to 00:40:95:32:42:b3
(philka) via vlan17
Dec 14 00:31:50 victor dhcpd: DHCPREQUEST for 172.17.21.154 from
00:13:d4:80:27:69 (philka) via vlan44
Dec 14 00:31:50 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69
(philka) via vlan44
Dec 14 00:33:04 victor dhcpd: DHCPREQUEST for 172.16.115.252 from
00:13:8f:59:e5:a1 (philka) via vlan64
Dec 14 00:33:04 victor dhcpd: DHCPACK on 172.16.115.252 to 00:13:8f:59:e5:a1
(philka) via vlan64
Dec 14 00:46:45 victor dhcpd: DHCPREQUEST for 172.18.131.82 from
00:50:22:e8:65:41 (philka) via vlan58
Dec 14 00:46:45 victor dhcpd: DHCPACK on 172.18.131.82 to 00:50:22:e8:65:41
(philka) via vlan58
Dec 14 00:47:19 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b
(philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka)
via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b
(philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka)
via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b
(philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8)
from 00:0e:2e:36:df:9b (philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b
(philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8)
from 00:0e:2e:36:df:9b (philka) via vlan20
Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b
(philka) via vlan20
Dec 14 00:47:23 victor dhcpd: DHCPREQUEST for 172.17.21.154 from
00:13:d4:80:27:69 (philka) via vlan44
Dec 14 00:47:23 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69
(philka) via vlan44
Dec 14 00:53:03 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka)
via vlan20
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
