[nsp-sec] Likely compromised hosts
Gabriel Iovino
giovino at ren-isac.net
Tue Mar 16 16:06:49 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
An ircd C&C was discovered on a .edu network and a two-hour window of
network flow was captured to the C&C.
DstIP:Port = 128.119.89.17:6667
Attached is a file of hosts seen connecting to that IP:Port in said time
window.
Info column = FirstSeen LastSeen Count
You can pass along the DstIP:Port listed above if needed for remediation
purposes.
Please take whatever actions you deem appropriate and please let me know
if you have any questions or comments.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuf5NgACgkQwqygxIz+pTtVFwCaAn3KSRiRKHqaKftBydXsgKbW
9e4AoKqfeYSD8Ak3A3Piek86HuYQd3fG
=ARk0
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: asn_results.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100316/893d86a3/attachment-0001.txt>