zotob C&C servers
Gadi Evron
ge at linuxbox.org
Mon Aug 15 20:00:20 UTC 2005
Michael Grinnell wrote:
>
> We haven't seen it yet on our network, but I was hoping somebody might
> have a text dump or packet capture of the C&C traffic that they would
> be willing to send me so I can tune our IDS to recognize it. I
> already have exploit rules loaded, just wanted to see if the C&C
> traffic varied significantly from the (relatively) standard *bot variety.
Hi.
Any IRC JOIN sig will do, channel is: #niggah
Gadi.
More information about the NANOG
mailing list