[Emerging-Sigs] FP 2404017 (botcc)
Matt Jonkman
jonkman at jonkmans.com
Thu Mar 13 15:12:57 EST 2008
I haven't seen hits like that, and i use the ntp pool as well. GeoIP
related I'm sure. That a german registered IP.
I'll see if we can get the net broken up a little better.
Matt
Markus Lude wrote:
> Hello,
> I regularly have hits on sid 2404017 from connections to 85.214.36.108,
> so far always on port 123 (ntp). That host seems to be a member of the
> pool.ntp.org pool. It's no big problem for me. I could exclude that IP
> address here locally or should we remove it from that rule? Do others
> see malicious traffic to/from that IP address?
>
> Regards,
> Markus
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list