[nsp-sec] Ping AS8001/AS36351 - possible botnet C&C
Ryan Pavely
paradox at nac.net
Thu Mar 13 12:23:42 EDT 2008
ACK 8001 again..
More Russians. I have asked our customer what other 'servers' this
customer of his has so I can peek at them.
Again I am queuing up sniffer logs on this new IP if anyone wants them.
<joke>
I'm excited! I've been sad for a few months that AS8001 hasn't been in
any good attacks. I felt like the bad guys didn't like us anymore. :(
</joke>
Zoe O'Connell wrote:
> Ryan Pavely wrote:
>> ----------- nsp-security Confidential --------
>>
>> ACK 8001.
>>
>> 64.21.149.167 is a loopback IP for a dedicated server leased by
>> Russians. I locked out the server and fwd'd a message off to our
>> network/abuse staff.
>
> Two more "master" C&Cs, one in AS8001...
>
> 8001 | 64.21.181.87 | NET-ACCESS-CORP - Net Access Corporation
> 36351 | 75.126.189.178 | SOFTLAYER - SoftLayer Technologies Inc.
>
>
>
>
--
Ryan Pavely
Director Research And Development
Net Access Corporation
http://www.nac.net/ http://www.15minuteservers.com/