> 2016-10-27 20:24 GMT+02:00 pa011 <[email protected]>:
>> Hi,
>>
>> got the abuse below on three different exits. Anybody having any idea what
>> to do and how to possibly stop this in the future?
>> Thanks Paul
>>
>>
>> CERT-EU has received information regarding an infected IP belonging to your
>> network, which may have security problems. The information regarding the
>> problems is also included as attachments in both CSV and XML formats. All
>> timestamps are in UTC.
>> At this time we do not have any more information.
>>
>> Where:
>> - ASN: is the Autonomous System Number;
>> - IP: the Internet Protocol address associated with this activity;
>> - TIME: discovery time of the malicious activity;
>> - PTR/DNAME: PTR/DNAME record
>> - CC: ISO 3166-1 alpha-2 two-letter country code;
>> - TYPE: type of the security problem or threat;
>> - INFO: provides any additional information, if available.
>>
>> asn|ip|time|ptr|cc|type|info|info2
>>
>> ASxxxxx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description:
>> Ramnit botnet victim connection to sinkhole details, Timestamp :
>> 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last
>> Seen: 25-10-2016
> On 28 Oct. 2016, at 09:33, Markus Koch <[email protected]> wrote:
>
> No. That's my problem too, around 90% of my abuse mails are bot related
> and you can't do anything about it.

If you know the destination IP address, and it's a bot Command & Control server, you could block it.
The problem is, many use multiple C&C servers, some with dynamic DNS.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
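A way to triage notices in the pipe-delimited layout quoted above, added here as an example and not part of the original thread or of any CERT-EU tooling: it parses the rows, sets aside any row whose column count does not match the header, and reports per-exit totals plus the share of bot-related rows. The sample rows, the documentation addresses, the `other` type and all function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the notice's layout (documentation addresses, made-up
# values). The last row is deliberately short, with 6 columns instead of 8.
SAMPLE = """\
asn|ip|time|ptr|cc|type|info|info2
AS64500|192.0.2.10|25-10-2016 12:10:09Z||XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, City : none, Count: 8|
AS64500|192.0.2.10|26-10-2016 03:00:00Z||XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Count: 3|
AS64500|192.0.2.11|26-10-2016 04:00:00Z|exit.example.net|XX|other|Description: constructed non-bot report|
AS64500|192.0.2.11|26-10-2016 05:00:00Z|XX|botnet drone|Description: short row
"""

def parse_info(info):
    """Turn 'Key: value, Key : value' from the INFO column into a dict."""
    out = {}
    for part in info.split(","):
        key, sep, value = part.partition(":")
        if sep:
            out[key.strip().lower()] = value.strip()
    return out

def triage(report_text):
    """Return ({ip: {type: stats}}, rows whose column count != header's)."""
    lines = [l for l in report_text.splitlines() if l.strip()]
    header = lines[0].split("|")
    summary = defaultdict(dict)
    rejected = []
    for line in lines[1:]:
        fields = line.split("|")
        if len(fields) != len(header):
            rejected.append(line)  # do not guess which column is missing
            continue
        row = dict(zip(header, fields))
        # The notice states all timestamps are UTC.
        seen = datetime.strptime(row["time"], "%d-%m-%Y %H:%M:%SZ").replace(tzinfo=timezone.utc)
        slot = summary[row["ip"]].setdefault(row["type"], {"events": 0, "count": 0, "last": seen})
        slot["events"] += 1
        slot["count"] += int(parse_info(row["info"]).get("count", 1))
        slot["last"] = max(slot["last"], seen)
    return dict(summary), rejected

def bot_share(summary, bot_type="botnet drone"):
    """Fraction of accepted report rows whose TYPE is the bot type."""
    events = [(t, s["events"]) for types in summary.values() for t, s in types.items()]
    total = sum(n for _, n in events)
    return sum(n for t, n in events if t == bot_type) / total if total else 0.0

if __name__ == "__main__":
    summary, rejected = triage(SAMPLE)
    print(summary, len(rejected), round(bot_share(summary), 2))
```

Rows returned in the rejected list need a manual look, since a positional mapping would put the country code or type into the wrong column.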
