[nsp-sec] Srizbi bot help!?

Shelton, Steve sshelton at Cogentco.com
Fri Oct 24 11:41:58 EDT 2008


Hello,

Does anyone have any useful resources on detecting Srizbi bots?  I'm
currently working on a case that is troublesome.  I'm currently
monitoring udp 1024 > 4099 and tcp any > 4099 looking for communications
with the associated controllers.  What is troublesome in this case is
that port 25 out is and has been filtered and Spam is still getting out.

Does anyone know of any additional outbound ports the exploit SMTP
engine will push the template-based Spam from?  Is or has the exploit
been known to spoof source IPs?

Thanks in advance for any assistance!

Steve Shelton
Network Security Engineer
Cogent Communications
