zotob C&C servers

• Previous message (by thread): zotob C&C servers
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Grinnell wrote:
> 
> We haven't seen it yet on our network, but I was hoping somebody  might 
> have a text dump or packet capture of the C&C traffic that they  would 
> be willing to send me so I can tune our IDS to recognize it.    I 
> already have exploit rules loaded, just wanted to see if the C&C  
> traffic varied significantly from the (relatively) standard *bot  variety.

Matt just got some signatures together:
http://www.bleedingsnort.com/article.php?story=20050814131513212

Enjoy,

	Gadi.

• Previous message (by thread): zotob C&C servers
• Next message (by thread): zotob - blocking tcp/445
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]