To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
------------------------------
Message: 2
Date: Fri, 14 Dec 2007 16:14:54 +0200
From: "Konstantin Barinov" <[EMAIL PROTECTED]>
Subject: [botnets] philka
To: botnets@whitestar.linuxbox.org
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
Hello colleagues
Our admins made an interesting discovery today. We have hundreds of client
PC's with same hostname
"philka". Below a little block from dhcpd log file. Did you see something
like this? I doubt all those people
changed computer names in Windows manually.
--
Konstantin Barinov
Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from
00:19:66:17:0d:da (philka) via vlan15
Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da
(philka) via vlan15
**************************************
Very interesting. Please keep us posted on this. Same name usually is denied
access on the same network. This some crazy shit.
RM
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
