[nsp-sec] 1Million Botnet Ips
Andreas Bunten
bunten at dfn-cert.de
Tue Jul 8 03:48:32 EDT 2008
Stephen Gill schrieb:
> Cert.at has assembled an excellent report on the nadnadzzz.info botnet along
> with a large list of compromised IPs! They have put together an analysis
> summary and individual report files of compromised hosts sorted by ASN at
> the following location:
(...)
Hi,
is there maybe a problem with the timestamps?
One of our sites had only one timestamp in the dataset: 21:52 GMT+02
They only saw flows to the C&C between 22:41:36.601 and 23:29:34.815
(also GMT+02)
Regards,
andreas-b, as 680 (German research network)
--
Andreas Bunten (CSIRT), +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5897 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20080708/7d2589ba/attachment-0001.bin>
More information about the nsp-security
mailing list