
[tor-relays] Abuses: Suspicious botnet ramnit attack



Hi,

Got the abuse below on three different exits. Does anybody have any idea what to do and how to possibly stop this in the future?
Thanks, Paul


CERT-EU has received information regarding an infected IP belonging to your
network, which may have security problems. The information regarding the problems
is also included as attachments in both CSV and XML formats. All timestamps are in
UTC.
At this time we do not have any more information.

Where:
- ASN: is the Autonomous System Number;
- IP:  the Internet Protocol address associated with this activity;
- TIME: discovery time of the malicious activity;
- PTR/DNAME: PTR/DNAME record
- CC: ISO 3166-1 alpha-2 two-letter country code;
- TYPE: type of the security problem or threat;

- INFO: provides any additional information, if available.

asn|ip|time|ptr|cc|type|info|info2
ASxxxxx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays