[nsp-sec] Flashback C&C ?

Mike Tancsa mike at sentex.net
Mon Apr 16 16:33:04 EDT 2012


On 4/16/2012 4:22 PM, Eric Ziegast wrote:
> ----------- nsp-security Confidential --------
> 
> About CCIRC: I know that CCIRC is a real organization run by Public
> Safety Canada.  If you got a notice, they probably think you're a
> Canadian organization in their notification domain.  You might have a
> Canadian ISP as one of your uplinks.

Thanks for the info.  We are actually a Canadian ISP :)

> 
> For anyone disseminating information, it may help those notified to
> include time stamps and source port numbers along with the IP
> addresses so that the affected organization can do some better
> attribution to the correct client in case there are NAT or DHCP issues.

Yes, a few sites in my network that contacted that host are large orgs
with many internal hosts. So accurate time data and ephemeral ports
would be very handy.

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
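
Added example, not part of the original message or of any list member's tooling: a sketch of how a notified organization could map a reported public IP, source port and timestamp back to an internal host using NAT translation records. The CSV layout, addresses and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed NAT translation records (hypothetical CSV layout):
# start,end,inside_ip,inside_port,public_ip,public_port
NAT_LOG = """\
2012-04-16T14:01:50Z,2012-04-16T14:03:55Z,10.1.4.23,51234,203.0.113.7,40211
2012-04-16T14:02:10Z,2012-04-16T14:02:40Z,10.1.9.80,49877,203.0.113.7,40212
2012-04-16T15:30:00Z,2012-04-16T15:31:00Z,10.1.7.15,50001,203.0.113.7,40211
"""

def parse_ts(s):
    """Parse a UTC timestamp; notifications should state their time zone."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def load_nat(text):
    """Turn the CSV text into a list of translation records."""
    recs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        start, end, in_ip, in_port, pub_ip, pub_port = line.split(",")
        recs.append({
            "start": parse_ts(start), "end": parse_ts(end),
            "in_ip": in_ip, "in_port": int(in_port),
            "pub_ip": pub_ip, "pub_port": int(pub_port),
        })
    return recs

def attribute(recs, pub_ip, seen_at, pub_port=None, skew=timedelta(seconds=30)):
    """Return inside hosts whose translation was live at seen_at (+/- skew).

    Without pub_port, every host translated to pub_ip in that window is a
    candidate, which is the ambiguity a source port in the notice removes.
    """
    hits = set()
    for r in recs:
        if r["pub_ip"] != pub_ip:
            continue
        if pub_port is not None and r["pub_port"] != pub_port:
            continue
        if r["start"] - skew <= seen_at <= r["end"] + skew:
            hits.add(r["in_ip"])
    return sorted(hits)

if __name__ == "__main__":
    recs = load_nat(NAT_LOG)
    when = parse_ts("2012-04-16T14:02:30Z")
    print("IP + time only:  ", attribute(recs, "203.0.113.7", when))
    print("IP + time + port:", attribute(recs, "203.0.113.7", when, 40211))
```

The third record reuses public port 40211 for a different inside host later the same day, so a port without an accurate timestamp is also not enough.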


