[nsp-sec] 268 potential botnet IPs
David Freedman
david.freedman at uk.clara.net
Tue Jul 15 11:46:59 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't I'm afraid, I had a snaplen of 1500 and any packet without the
string "host" was flagged up (and only reported if it had significant hits)
Anyway, I'm sure this is a false positive being that is is google :)
Peter Moody wrote:
>> 15169 | 66.249.66.129 | GOOGLE - Google Inc.
>
> 129.66.249.66.in-addr.arpa domain name pointer
> crawl-66-249-66-129.googlebot.com.
>
> the googlebot usually has headers/etc. do you have any dump of the
> traffic from this host?
>
>
>
- --
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIfMZztFWeqpgEZrIRAmNWAJ9tYznX/AIGBeZ8PgsaQbyXBI30TwCfavFr
SJD/d6/iVvTwOFnv0/+63ZE=
=xXwn
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list