[nsp-sec] IPs contacting Zeus c&c resend with the log

Smith, Donald Donald.Smith at CenturyLink.com
Wed Oct 19 13:57:33 EDT 2011 

Resending as a zip in case the log file is too big of an attachment.



When packets collide the controllers cease transmission AND wait a random time before retransmission (mostly)!
Donald.Smith at CenturyLink.com


> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Rodolfo Baader
> Sent: Wednesday, October 19, 2011 10:49 AM
> To: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] IPs contacting Zeus c&c resend with the log
>
> ----------- nsp-security Confidential --------
>
> The information is missing.
>
>
> El 18/10/11 14:42, Smith, Donald escribió:
> > ----------- nsp-security Confidential --------
> >
> > Our email filter ate the last one because it was gziped :(
> > Sorry it is not that large so here is the log without gzipping :)
> >
> >
> > "Pampers use multiple layers of protection to prevent leakage.
> > Rommel used defense in depth to defend European fortresses."
> (A.White)
> > Donald.Smith at CenturyLink.com
> >
> >
> >
> > This communication is the property of CenturyLink and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly
> > prohibited and may be unlawful.  If you have received this
> communication
> > in error, please immediately notify the sender by reply e-mail and
> destroy
> > all copies of the communication and any attachments.
> >
> >
> >
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> > community. Confidentiality is essential for effective Internet
> security counter-measures.
> > _______________________________________________
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

More information about the nsp-security mailing list