Home page logo

nanog logo nanog mailing list archives

Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
From: Andy Smith <andy () strugglers net>
Date: Wed, 6 Aug 2003 17:53:30 +0100

On Wed, Aug 06, 2003 at 10:37:43AM -0500, neal rauhauser 402-301-9555 wrote:

   Someone has changed the channel topic to "CLOSED, Thanks for the post
to NANOG :-("

  But I don't see hosts being k-lined - I imagine if IRCops took an
interest in this they'd be lopping off heads. 

Lopping off whose heads?  Who exactly would you K: line?  The people
who own those machines who have no idea they even have a process
connecting to IRC?  Or thousands of K:lines for trojans on dynamic
IPs?  Not sure how either approach would really do anything useful,
I guess that Undernet will just render the channel unusable in the
hope that whoever is responsible will then be unable to gather/use
their trojans.

Unfortunately they will now just update their trojan to connect to
some other place, and start redistributing..  all chances of doing
further tracing of who is responsible probably ended with this being
reported in public here on nanog, and I guess that's why the topic
has a ":(" in it.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]