To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On 14/12/2007, RVaughn <[EMAIL PROTECTED]> wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Could this possibly be a switch problem?
I'd be inclined to look for configuration errors as well - I haven't seen any bots that get involved with DHCP. Do the MAC addresses make sense for your network if you look up the OUI? Have you tried sniffing subsequent traffic from these machines? e.g. 00-13-D4 (hex) ASUSTek COMPUTER INC. 0013D4 (base 16) ASUSTek COMPUTER INC. No.5 Shing Yeh Street Kwei Shan Hsiang Tao Yuan Hsien 333 TAIWAN, REPUBLIC OF CHINA Lookup courtesy of http://standards.ieee.org/regauth/oui/index.shtml cheers, Jamie -- Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED] UK Honeynet Project: http://www.ukhoneynet.org/ _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets