[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: shadowserver.org



On Mon, Jun 14, 2010 at 05:36:02PM -0400, 7v5w7go9ub0o wrote:
> What, specifically, are they tracking to your IP? This unspecific
> complaint could be anything from an innocent series of pings, to an out
> and out stream from metasploit!?

I don't really know. I have no direct communication, only my provider's
tickets. According to them shadowserver alternately complains about
"IRC-Bots", "HTTP-Drones", "Botnet-Drones" and "Botnets".

Last thing was that their honeypots recorded access of an IRC-Bot to a
"Command & Control Server" from which it got orders to launch a
DDos-attack. First, I wonder why this bot contacts their honeypots and
gets new commands from them. And second, the exit policy of my node does
not allow IRC.

For me this makes no sense at all.
 
> Guess I'd politely tell server4you, with a copy to shadowserver, that
> you want to accommodate shadowserver; that they've been unresponsive;
> and that you'll need specific information to fix the problem.

Besides the "copy to shadowserver" I have tried all that. I will try
again next time and have shadowserver CCed.

> HTH

We will see.

Thanks for your advice.

regards

Alex

Attachment: signature.asc
Description: Digital signature