[nsp-sec] Anyone seeing any "packet love/DOS" heading for 64.75.15.144?
Gabriel Iovino
giovino at ren-isac.net
Wed May 6 19:05:42 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rob Thomas wrote:
> 129.176.151.25 has been a Mebroot/Torpig bot since at least 2009-02-24
> 03:21:48 UTC.
>
> It may be a NAT gateway or (possibly hacked) proxy.
The REN-ISAC has sent several notifications to this institution about
this IP address. It would appear that our notifications are going to
/dev/null or they continue to have infected machines behind a
nat/pat/proxy.
If you want, I can reach out to them via a phone call. Please let me know.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoCF8YACgkQwqygxIz+pTsE9QCfanuE3MgfjW3UvVWdm8R/dWMp
WowAnA8k8O3PvB0DRySYWJfK+C/SXEdb
=0Cr6
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list