[tor-relays] Abuses: Suspicious botnet ramnit attack

pa011 pa011 at web.de
Thu Oct 27 18:24:13 UTC 2016


Hi,

Got the abuse below on three different exits. Anybody having any idea what to do and how to possibly stop this in the future?
Thanks, Paul


CERT-EU has received information regarding an infected IP belonging to your
network, which may have security problems. The information regarding the problems
is also included as attachments in both CSV and XML formats. All timestamps are in
UTC.
At this time we do not have any more information.

Where:
- ASN: is the Autonomous System Number;
- IP:  the Internet Protocol address associated with this activity;
- TIME: discovery time of the malicious activity;
- PTR/DNAME: PTR/DNAME record
- CC: ISO 3166-1 alpha-2 two-letter country code;
- TYPE: type of the security problem or threat;

- INFO: provides any additional information, if available.

asn|ip|time|ptr|cc|type|info|info2

ASxxxxx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016

