a list of hosts in a RPC BOTNET, mostly 209.x.x.x,

• Previous message (by thread): a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
• Next message (by thread): a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 06, 2003 at 10:37:43AM -0500, neal rauhauser 402-301-9555 wrote:
> 
>    Someone has changed the channel topic to "CLOSED, Thanks for the post
> to NANOG :-("
> 
>   But I don't see hosts being k-lined - I imagine if IRCops took an
> interest in this they'd be lopping off heads. 

Lopping off whose heads?  Who exactly would you K: line?  The people
who own those machines who have no idea they even have a process
connecting to IRC?  Or thousands of K:lines for trojans on dynamic
IPs?  Not sure how either approach would really do anything useful,
I guess that Undernet will just render the channel unusable in the
hope that whoever is responsible will then be unable to gather/use
their trojans.

Unfortunately they will now just update their trojan to connect to
some other place, and start redistributing..  all chances of doing
further tracing of who is responsible probably ended with this being
reported in public here on nanog, and I guess that's why the topic
has a ":(" in it.

• Previous message (by thread): a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
• Next message (by thread): a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]