[nsp-sec] Botnet C&C at AS8447 (TELEKOM-AT) 188.20.127.51 ##!woot
Christoph Sprongl
ch at it-austria.net
Wed Mar 3 01:34:21 EST 2010
Tim & Carlos,
If you do need direct contact to AS8447 located in Austria, let me know.
cheers,
christoph
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 3/2/2010 3:38 PM, Carles Fragoso wrote:
>> During an incident we identified a botnet C&C at AS8447 (TELEKOM-AT)
>> 188.20.127.51.
>>
>> [Querying v4.whois.cymru.com]
>> AS | IP | AS Name
>> 8447 | 188.20.127.51 | TELEKOM-AT Telekom Austria AutonomousSystem
>
> Thanks Carles! This has been verified and integrated into the Cymru
> Hive Mind, it appears to be potentially associated with the DNS RR
> pimp.foilball.info and is active on TCP/65267 as well as TCP/6667.
>
> Thanks,
> Tim
>
> - --
> Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
> twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
> -----BEGIN PGP SIGNATURE-----
>
> iEYEARECAAYFAkuNfFMACgkQluRbRini9thSggCfYObvV2k7/WcWWZ/0T6cGzklD
> k38AnAsAzDfq7zk9LVK9K6VkV99V+Tq1
> =pguC
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>