[nsp-sec] Minor Daily Reports Change: new mwtype in bots report
Smith, Donald
Donald.Smith at qwest.com
Wed Jun 23 13:06:45 EDT 2010
It is probably implied but permission to share with the person that manages our auto-report parser:)
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Tim Wilde
> Sent: Wednesday, June 23, 2010 11:01 AM
> To: NSP-SEC List
> Subject: [nsp-sec] Minor Daily Reports Change: new mwtype in
> bots report
>
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Good afternoon everyone,
>
> With tomorrow's Daily Reports run, you will begin seeing a
> new "mwtype"
> value in the "bots" report. This new mwtype is "irc-botnet", and will
> be applied to most (eventually probably all) of the entries that
> previously did not have an mwtype specified, and were
> historically just
> assume that you knew were IRC bots. With the addition of various
> different types of bots in this category over the years, we
> figured it's
> about time to make the IRC ones explicit rather than implicit.
> Hopefully this shouldn't mess up anyone's parsing too much, as this
> field has been in place for quite some time. Please don't hesitate to
> let us know if you have any questions, concerns, etc!
>
> Thanks,
> Tim
>
> - --
> Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
> twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
> -----BEGIN PGP SIGNATURE-----
>
> iEYEARECAAYFAkwiPdsACgkQluRbRini9tgMmwCeJ1oK0igzEBsaqKjVxfuoeU/Z
> M9IAn3EN2WSNNSw8ERWC8JbFOXIJdW2N
> =Nuar
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list