[nsp-sec] Questions about c&c 208.73.210.28
Joel Rosenblatt
joel at columbia.edu
Tue Aug 10 08:04:17 EDT 2010
Hi,
Is there any confirmation available that the c&c 208.73.210.28:80 is real?
We are seeing a lot of machines sending small packets (less than 100 bytes) there, but no response from the c&c.
Several universities are seeing this behavior.
Can this behavior be verified as a true indication of infected machines, or is this a false positive?
Thank you,
Joel
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel