zotob C&C servers
Gadi Evron
ge at linuxbox.org
Tue Aug 16 05:46:57 UTC 2005
Michael Grinnell wrote:
>
> We haven't seen it yet on our network, but I was hoping somebody might
> have a text dump or packet capture of the C&C traffic that they would
> be willing to send me so I can tune our IDS to recognize it. I
> already have exploit rules loaded, just wanted to see if the C&C
> traffic varied significantly from the (relatively) standard *bot variety.
Matt just got some signatures together:
http://www.bleedingsnort.com/article.php?story=20050814131513212
Enjoy,
Gadi.
More information about the NANOG
mailing list