[tor-relays] Abuses: Suspicious botnet ramnit attack

Markus Koch niftybunny at googlemail.com
Thu Oct 27 22:33:22 UTC 2016


No. That's my problem too, around 90% of my abuse mails are bot related
and you can't do anything about it.

Markus


2016-10-27 20:24 GMT+02:00 pa011 <pa011 at web.de>:
> Hi,
>
> got the abuse below on three different exits. Anybody have any idea what to do and how to possibly stop this in the future?
> Thanks Paul
>
>
> CERT-EU has received information regarding an infected IP belonging to your
> network, which may have security problems. The information regarding the problems
> is also included as attachments in both CSV and XML formats. All timestamps are in
> UTC.
> At this time we do not have any more information.
>
> Where:
> - ASN: is the Autonomous System Number;
> - IP:  the Internet Protocol address associated with this activity;
> - TIME: discovery time of the malicious activity;
> - PTR/DNAME: PTR/DNAME record
> - CC: ISO 3166-1 alpha-2 two-letter country code;
> - TYPE: type of the security problem or threat;
>
> - INFO: provides any additional information, if available.
>
> asn|ip|time|ptr|cc|type|info|info2
>
> ASxxxxx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
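
The report layout quoted above, parsed for triage; this is an added example, not part of the original thread and not CERT-EU's own tooling. The function names are hypothetical, AS64496 and 192.0.2.10 are constructed placeholders for the redacted values, and the six-field row layout (no ptr or info2) is an assumption taken from the one row quoted.

```python
from datetime import datetime, timezone

# Column names as listed in the report's header line.
HEADER = "asn|ip|time|ptr|cc|type|info|info2".split("|")
# Assumption: rows like the quoted one omit ptr and info2 entirely.
SHORT_LAYOUT = ["asn", "ip", "time", "cc", "type", "info"]

# Constructed sample: the quoted row with placeholder ASN and IP.
SAMPLE = ("AS64496|192.0.2.10|25-10-2016 12:10:09Z|XX|botnet drone|"
          "Description: Ramnit botnet victim connection to sinkhole details, "
          "Timestamp : 1477397409.72, City : none, Count: 8, "
          "First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016")

def parse_info(info):
    """Turn 'Key: value, Key : value' into a dict with lower-case keys."""
    details = {}
    for part in info.split(", "):
        key, sep, value = part.partition(":")  # values may contain ':'
        if sep:
            details[key.strip().lower()] = value.strip()
    return details

def parse_row(line):
    """Split one pipe-delimited row into a dict keyed by column name."""
    fields = [f.strip() for f in line.strip().split("|")]
    if len(fields) == len(HEADER):
        names = HEADER
    elif len(fields) == len(SHORT_LAYOUT):
        names = SHORT_LAYOUT
    else:
        raise ValueError(f"unexpected field count: {len(fields)}")
    row = dict(zip(names, fields))
    row["details"] = parse_info(row["info"])
    return row

def time_matches_epoch(row, tolerance=1.0):
    """Check that TIME (UTC) agrees with the epoch Timestamp in INFO."""
    seen = datetime.strptime(row["time"], "%d-%m-%Y %H:%M:%SZ")
    seen = seen.replace(tzinfo=timezone.utc)
    return abs(seen.timestamp() - float(row["details"]["timestamp"])) <= tolerance

def is_sinkhole_hit(row):
    """True for reports of a client connecting to a botnet sinkhole."""
    description = row["details"].get("description", "").lower()
    return row["type"] == "botnet drone" and "sinkhole" in description
```

An operator can use `is_sinkhole_hit` to sort bot-related reports from the rest of the abuse mailbox, and `time_matches_epoch` to reject rows whose two timestamps disagree.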

