There is a pretty good writeup on the Shadowserver site about each of the items they report. For the botnet-related ones (search botnet) they give some documentation (separate link), but with many of these, too much information about what you are doing spoils the pot, as it were...
-- 
Larry Smith
[email protected]

On Tue September 5 2017 09:40, Steve Jones wrote:
> We get these reports; as of yet I haven't found any to be false positives. I
> notify customers of a detected risk once, then leave it on them.
> However, we now have one that's reporting Mirai botnet drone detection. We
> notified the customer, it went away for like a week and has resurfaced.
> He's got some ingenious gateway thing; looks like it's an IP
> camera/filesharing/GPS location tracking deal.
>
> Before I shut this customer off, I just want to be able to verify this isn't
> a false positive. There are many scanners for this online but will only
> scan the IP that originates, we did send him a link.
>
> The tools for scanning appear to limit to local subnet only.
>
> Shadowserver's report isn't all that clear on whether it's simply detected a
> vulnerability, or has detected a fingerprint of the infection. If it didn't
> specifically name the infection I would assume the former.
