To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Could this possibly be a switch problem?

Konstantin Barinov wrote:
> Hello colleagues
> 
> Our admins made an interesting discovery today. We have hundreds of client
> PCs with the same hostname, "philka". Below is a little block from the dhcpd
> log file. Did you see something like this? I doubt all those people
> changed computer names in Windows manually.
> 
> --
> Konstantin Barinov
> 
> 
> 
> Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from 00:19:66:17:0d:da (philka) via vlan15
> Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da (philka) via vlan15
> Dec 14 00:18:01 victor dhcpd: DHCPREQUEST for 172.17.30.203 from 00:13:d4:0f:d2:89 (philka) via vlan45
> Dec 14 00:18:01 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89 (philka) via vlan45
> Dec 14 00:18:03 victor dhcpd: DHCPREQUEST for 172.17.30.203 from 00:13:d4:0f:d2:89 (philka) via vlan45
> Dec 14 00:18:03 victor dhcpd: DHCPACK on 172.17.30.203 to 00:13:d4:0f:d2:89 (philka) via vlan45
> Dec 14 00:23:50 victor dhcpd: DHCPREQUEST for 172.18.133.113 from 00:40:f4:88:56:94 (philka) via vlan58
> Dec 14 00:23:50 victor dhcpd: DHCPACK on 172.18.133.113 to 00:40:f4:88:56:94 (philka) via vlan58
> Dec 14 00:24:33 victor dhcpd: DHCPREQUEST for 172.16.60.34 from 00:40:95:32:42:b3 (philka) via vlan17
> Dec 14 00:24:33 victor dhcpd: DHCPACK on 172.16.60.34 to 00:40:95:32:42:b3 (philka) via vlan17
> Dec 14 00:31:50 victor dhcpd: DHCPREQUEST for 172.17.21.154 from 00:13:d4:80:27:69 (philka) via vlan44
> Dec 14 00:31:50 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69 (philka) via vlan44
> Dec 14 00:33:04 victor dhcpd: DHCPREQUEST for 172.16.115.252 from 00:13:8f:59:e5:a1 (philka) via vlan64
> Dec 14 00:33:04 victor dhcpd: DHCPACK on 172.16.115.252 to 00:13:8f:59:e5:a1 (philka) via vlan64
> Dec 14 00:46:45 victor dhcpd: DHCPREQUEST for 172.18.131.82 from 00:50:22:e8:65:41 (philka) via vlan58
> Dec 14 00:46:45 victor dhcpd: DHCPACK on 172.18.131.82 to 00:50:22:e8:65:41 (philka) via vlan58
> Dec 14 00:47:19 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPOFFER on 172.16.80.36 to 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8) from 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPREQUEST for 172.16.80.36 (172.16.80.8) from 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:22 victor dhcpd: DHCPACK on 172.16.80.36 to 00:0e:2e:36:df:9b (philka) via vlan20
> Dec 14 00:47:23 victor dhcpd: DHCPREQUEST for 172.17.21.154 from 00:13:d4:80:27:69 (philka) via vlan44
> Dec 14 00:47:23 victor dhcpd: DHCPACK on 172.17.21.154 to 00:13:d4:80:27:69 (philka) via vlan44
> Dec 14 00:53:03 victor dhcpd: DHCPDISCOVER from 00:0e:2e:36:df:9b (philka) via vlan20

_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
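
An added example, not part of the original thread: one way to measure the pattern described in the quoted post from a dhcpd log, by grouping lease events on the client-supplied hostname and counting the distinct MAC addresses and interfaces behind it. The sample lines, the `min_macs` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# ISC dhcpd syslog shape: "<TYPE> ... <mac> (<client hostname>) via <interface>"
LINE_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: (?P<type>DHCP[A-Z]+) .*?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"\((?P<host>[^)]*)\) via (?P<iface>\S+)",
    re.IGNORECASE,
)

# Constructed sample lines (not from the post); MACs and addresses are made up.
SAMPLE_LOG = """\
Dec 14 00:07:56 dhcp1 dhcpd: DHCPREQUEST for 10.0.15.25 from 02:00:00:00:00:01 (philka) via vlan15
Dec 14 00:07:56 dhcp1 dhcpd: DHCPACK on 10.0.15.25 to 02:00:00:00:00:01 (philka) via vlan15
Dec 14 00:18:01 dhcp1 dhcpd: DHCPREQUEST for 10.0.45.203 from 02:00:00:00:00:02 (PHILKA) via vlan45
Dec 14 00:20:10 dhcp1 dhcpd: DHCPACK on 10.0.45.7 to 02:00:00:00:00:0a (frontdesk) via vlan45
Dec 14 00:23:50 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:03 (philka) via vlan58
Dec 14 00:47:22 dhcp1 dhcpd: DHCPREQUEST for 10.0.20.36 (10.0.20.8) from 02:00:00:00:00:04 (philka) via vlan20
Dec 14 00:50:00 dhcp1 dhcpd: DHCPACK on 10.0.20.40 to 02:00:00:00:00:0b via vlan20
"""


def shared_hostnames(lines, min_macs=3):
    """Map each hostname claimed by >= min_macs distinct MACs to its MACs and interfaces."""
    seen = defaultdict(lambda: {"macs": set(), "ifaces": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a dhcpd client line, or the client sent no hostname
        entry = seen[m.group("host").lower()]  # hostnames compare case-insensitively
        entry["macs"].add(m.group("mac").lower())
        entry["ifaces"].add(m.group("iface"))
    return {h: e for h, e in seen.items() if len(e["macs"]) >= min_macs}


def report(lines, min_macs=3):
    """One summary line per shared hostname, most widespread first."""
    hits = shared_hostnames(lines, min_macs)
    ranked = sorted(hits.items(), key=lambda kv: -len(kv[1]["macs"]))
    return [f"{h}: {len(e['macs'])} MACs on {', '.join(sorted(e['ifaces']))}" for h, e in ranked]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```

The hostname in these log lines is whatever the client sent in its DHCP request, so the count shows how many distinct adapters announce the same name, not why they do.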
