[nsp-sec] black_energy ddos drones
Chris Calvert
Chris.Calvert at telus.com
Wed Oct 28 14:05:01 EDT 2009
Great, thanks Dirk
ACK for AS852.
> -----Original Message-----
> From: Dirk Stander [mailto:dst+nsp-sec at glaskugel.org]
> Sent: Wednesday, October 28, 2009 11:38 AM
> To: Chris Calvert
> Cc: 'NSP-Sec'
> Subject: Re: [nsp-sec] black_energy ddos drones
>
> Hi Chris,
>
> > Timestamps in GMT?
>
> yes, the timestamps are GMT
>
> > How false positive prone is this data, in your opinion?
>
> i've been very carefully with filtering the logs -- i've used only
> IPs, who did more than 100 connects/day and who did not show any
> other signs of a ``real'' browser (like requesting favicon.ico'' et al)
>
> thanks and kind regards, Dirk :.
More information about the nsp-security
mailing list