[Emerging-Sigs] FP 2404017 (botcc)

Markus Lude markus.lude at gmx.de
Mon Mar 10 15:04:31 EST 2008

Previous message: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Next message: [Emerging-Sigs] FP 2404017 (botcc)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
I regularly have hits on sid 2404017 from connections to 85.214.36.108,
so far always on port 123 (ntp). That host seems to be a member of the
pool.ntp.org pool. It's no big problem for me. I could exclude that IP
address here locally or should we remove it from that rule? Do others
see malicious traffic to/from that IP address?

Regards,
Markus

Previous message: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Next message: [Emerging-Sigs] FP 2404017 (botcc)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Emerging-sigs mailing list