[nsp-sec] Botnet C&C at AS8447 (TELEKOM-AT) 188.20.127.51 ##!woot
Tim Wilde
twilde at cymru.com
Tue Mar 2 16:00:03 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 3/2/2010 3:38 PM, Carles Fragoso wrote:
> During an incident we identified a botnet C&C at AS8447 (TELEKOM-AT) 188.20.127.51.
>
> [Querying v4.whois.cymru.com]
> [v4.whois.cymru.com<http://v4.whois.cymru.com>]
> AS | IP | AS Name
> 8447 | 188.20.127.51 | TELEKOM-AT Telekom Austria AutonomousSystem
Thanks Carles! This has been verified and integrated into the Cymru
Hive Mind, it appears to be potentially associated with the DNS RR
pimp.foilball.info and is active on TCP/65267 as well as TCP/6667.
Thanks,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAkuNfFMACgkQluRbRini9thSggCfYObvV2k7/WcWWZ/0T6cGzklD
k38AnAsAzDfq7zk9LVK9K6VkV99V+Tq1
=pguC
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list