Re: zotob C&C servers

• From: Gadi Evron
• Date: Mon Aug 15 15:05:10 2005

Michael Grinnell wrote:

We haven't seen it yet on our network, but I was hoping somebody might have a text dump or packet capture of the C&C traffic that they would be willing to send me so I can tune our IDS to recognize it. I already have exploit rules loaded, just wanted to see if the C&C traffic varied significantly from the (relatively) standard *bot variety.

Hi.

Any IRC JOIN sig will do, channel is: #niggah

	Gadi.

• References:
  • zotob C&C servers Gadi Evron
  • Re: zotob C&C servers Michael Grinnell

• Prev by Date: Re: botnet reporting by AS - what about you?
• Next by Date: Re: zotob - blocking tcp/445
• Date Index
• Thread Index
• Author Index
• Historical