To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Well apparently according to the post by Seth Hall -- these are legitimate servers used for a Korean chat service. There's a few games, chat services, and other things that also rely on IRC based commands. With the number of servers in a row here I wouldn't be surprised if he is correct and that is what it is being used for. Perhaps Brian can packet capture a little more and make sure there aren't any suspicious commands being issued to them.
Steven ----- Original Message ----- From: "John Draper" <[EMAIL PROTECTED]> To: "Steven" <[EMAIL PROTECTED]> Cc: "Brian Allen" <[EMAIL PROTECTED]>; <[email protected]> Sent: Wednesday, March 15, 2006 3:40 AM Subject: Re: [botnets] botnet info > Steven wrote: > >>To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >>---------- >> >> >> ------------------------------------------------------------------------ >> >> Yea it looks like you found a large network of infected machines and >> probably servers that run Microsoft Exchange Chat Service. This seems to >> be one of the alternatives that people use on Windows boxes. That is >> quite a few servers there though.. I thought they'd all link back to the >> same machine but they are apparently a lot of different servers. >> The info before PRIVMSG is the ident and the IP address of other >> machines. > > If these are external IP addresses, and they were at a University, then > I'm not in the least surprised that that many machines > are infected. I have to admit, that's a lot, but when you get students > walking from machine to machine, sticking in their > Thumb drives, then anything can happen. > > John _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
