[nsp-sec] ACK: Re: rustock C&C
Michael Sinatra
michael at rancid.berkeley.edu
Tue Feb 3 16:03:13 EST 2009
On 2/3/09 10:19 AM, Beasley, Jason wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Suresh over at Outblaze has identified what he believes to be an rustock
> C&C existing at 69.10.44.210. From what I can tell, it appears he is
> correct. I've compiled a listing of sources communicating to this
> server. Please check the following list for your ASN:
> http://drakul.nsc.xo.net/asns.txt
> And then the full listing here for the hosts:
> https://asn.cymru.com/nsp-sec/upload/1233681381.whois.txt
> Timestamps are included.
ACK for AS25. I think our IDS team has already picked these up, but
I'll make sure.
michael
More information about the nsp-security
mailing list