North American Network Operators Group
Re: zotob C&C servers
- From: Gadi Evron
- Date: Tue Aug 16 00:57:31 2005
Michael Grinnell wrote:
> We haven't seen it yet on our network, but I was hoping somebody might
> have a text dump or packet capture of the C&C traffic that they would
> be willing to send me so I can tune our IDS to recognize it. I
> already have exploit rules loaded, just wanted to see if the C&C
> traffic varied significantly from the (relatively) standard *bot variety.

Matt just got some signatures together:
http://www.bleedingsnort.com/article.php?story=20050814131513212
Enjoy,
Gadi.