To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- [EMAIL PROTECTED] wrote:
>To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >---------- > > > ------------------------------------------------------------------------ > > > Please forgive the newbie question - I'll try to make it my only one :^) > > A couple of PCs here are trying to get to IRC servers on TCP port > 8080. The traffic is blocked and logged by our firewalls, so is no > immediate threat in itself. The destination addresses are not > associated with any known malware (or weren't last time I looked), so > I can't be absolutely certain that the IRC boxes are controllers > (though it's difficult to think of an innocent reason for putting IRC > servers on 8080 or for a PC trying the same addresses repeatedly 24 > hours a day!). Are you able to pinpoint where the IRC traffic is coming from? Are you using TCPDump or Etherreal to sniff and determine it's source IP? john _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
