[nsp-sec] 37K+ Host Grum Botnet
Gabriel Iovino
giovino at ren-isac.net
Thu Sep 24 17:18:31 EDT 2009
Stephen Gill wrote:
> ----------- nsp-security Confidential --------
>
> Hi Team,
>
> Please visit the following URL for infected IPs in your network seen
> chatting up with this Grum spam botnet head end: 209.160.73.60:80
>
> Timestamps in GMT, last seen times only, though there were several hits per
> IP in the short time we received the data for.

Can the destination IP address and port be shared in notifications?

I ask as organizations with NAT/PAT/Proxies will have a tough time with
identification without a source port OR destination IP.

Thanks
Gabe
--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
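
Added example, not part of the original message: a sketch of why the destination IP and port (or the source port) matter to a site behind NAT/PAT. The NAT log format, the addresses other than 209.160.73.60:80, and the timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed NAT translation log in a hypothetical format:
# timestamp(GMT) inside_ip:port -> nat_ip:port -> dest_ip:port
NAT_LOG = """\
2009-09-24T20:58:02Z 10.1.4.17:51234 -> 192.0.2.10:40001 -> 198.51.100.25:443
2009-09-24T20:59:40Z 10.1.7.88:49822 -> 192.0.2.10:40002 -> 209.160.73.60:80
2009-09-24T21:00:11Z 10.1.2.5:50110 -> 192.0.2.10:40003 -> 203.0.113.9:80
2009-09-24T21:01:30Z 10.1.9.40:50777 -> 192.0.2.10:40004 -> 198.51.100.25:80
"""

def parse(log):
    """Yield one dict per translation record."""
    for line in log.splitlines():
        ts, inside, _, nat, _, dest = line.split()
        nat_ip, nat_port = nat.rsplit(":", 1)
        yield {
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "inside_ip": inside.rsplit(":", 1)[0],
            "nat_ip": nat_ip,
            "nat_port": int(nat_port),
            "dest": dest,
        }

def candidates(log, nat_ip, seen, window=timedelta(minutes=5),
               dest=None, nat_port=None):
    """Return the sorted inside IPs consistent with the notification fields."""
    hits = set()
    for rec in parse(log):
        if rec["nat_ip"] != nat_ip or abs(rec["ts"] - seen) > window:
            continue
        if dest is not None and rec["dest"] != dest:
            continue
        if nat_port is not None and rec["nat_port"] != nat_port:
            continue
        hits.add(rec["inside_ip"])
    return sorted(hits)

if __name__ == "__main__":
    seen = datetime(2009, 9, 24, 21, 0, 0)   # constructed "last seen" time
    # Public IP + timestamp only: every host behind the NAT is a candidate.
    print(candidates(NAT_LOG, "192.0.2.10", seen))
    # Adding the destination from the notification isolates one host.
    print(candidates(NAT_LOG, "192.0.2.10", seen, dest="209.160.73.60:80"))
    # The translated source port does the same job.
    print(candidates(NAT_LOG, "192.0.2.10", seen, nat_port=40002))
```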