[nsp-sec] DSL reports under ddos -- C&C info - AS 9121 (TR)
Jose Nazario
jose at arbor.net
Wed Mar 19 15:20:07 EDT 2008
On Wed, 19 Mar 2008, Smith, Donald wrote:
> I see no flows towards the bot cc ip address identified. Which I could
> almost believe if the bot cc was fairly quiet.
lucky you, the cmd is still posted:
last seen 2008-03-19 15:03:56 US Eastern
looks like a botnet in the low thousands for numbers.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/