Re: zotob C&C servers

• From: Gadi Evron
• Date: Tue Aug 16 00:57:31 2005

Michael Grinnell wrote:

We haven't seen it yet on our network, but I was hoping somebody might have a text dump or packet capture of the C&C traffic that they would be willing to send me so I can tune our IDS to recognize it. I already have exploit rules loaded, just wanted to see if the C&C traffic varied significantly from the (relatively) standard *bot variety.

Matt just got some signatures together:
http://www.bleedingsnort.com/article.php?story=20050814131513212

Enjoy,

	Gadi.

• References:
  • zotob C&C servers Gadi Evron
  • Re: zotob C&C servers Michael Grinnell

• Prev by Date: Re: zotob - blocking tcp/445
• Next by Date: Re: zotob - blocking tcp/445
• Date Index
• Thread Index
• Author Index
• Historical