To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
------------------------------ Message: 2 Date: Fri, 14 Dec 2007 16:14:54 +0200 From: "Konstantin Barinov" <[EMAIL PROTECTED]> Subject: [botnets] philka To: botnets@whitestar.linuxbox.org Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Hello colleagues Our admins made an interesting discovery today. We have hundreds of client PC's with same hostname "philka". Below a little block from dhcpd log file. Did you see something like this? I doubt all those people changed computer names in Windows manually. -- Konstantin Barinov Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from 00:19:66:17:0d:da (philka) via vlan15 Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da (philka) via vlan15 ************************************** Very interesting. Please keep us posted on this. Same name usually is denied access on the same network. This some crazy shit. RM _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets