MIT FastFlux Botnetz #2

blog.grospolina.net

Thursday, April 23. 2009

Posted by katsumi in botnet at 14:10 | Comments (0) | Trackbacks (0)

MIT FastFlux Botnetz #2

Eigentlich wollte ich ja nur noch mal sagen, wirres hin oder her,
also ... ich wollte euch zeigen, dass die Sache mit dem Cambridge MIT FastFlux real ist.
Dann hab ich die Seite nimmer gefunden, wo zwei malware files dieser genannten IP zugeordnet werden.
Stattdessen hab ich das hier an der shell eingetippt:
[play@mobile]# dig blogginhell.com
; <<>> DiG 9.2.4 <<>> blogginhell.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2589
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;blogginhell.com.               IN      A

;; ANSWER SECTION:
blogginhell.com.        0       IN      A       18.58.7.93

[play@mobile]# whois 18.58.7.93
[Querying whois.arin.net]
[whois.arin.net]

OrgName:    Massachusetts Institute of Technology
OrgID:      MIT-2
Address:    Room W92-190
Address:    77 Massachusetts Avenue
City:       Cambridge
StateProv:  MA
PostalCode: 02139-4307
Country:    US

Ahhh... nun fällt es mir wieder ein! :)
Eine sehr schöne Seite ist die von dnsl.abuse.ch
Dort lässt sich einfach nach dem AS3 benannten autonomen System suchen.
Mit einem FastFlux Tracker für AS3.
Nun weiss ich auch woher das MIT so genau Bescheid weiss :p
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as (Linear | Threaded)
No comments
Add Comment


To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 

Pages

katsumi's page
 GROSPOLINA.ORG

Glastopf Webhoneypot
 Glastopf Projektseite
Glastopf Subversion/Trac
Glastopf @ grospolina

Links

gut verglast ist ....
GLASBLOG
zeroq's blog:
VIRUSBLOG
Jon.Oberheide's blog:
jon.oberheide.org
offensivecomputing.net:
kishfellow's blog
malware&reversing
Zairon's blog
Bharath m narayan's blog:
Bharath's security blog
botnetz.com:
BOTNETZ
tho's blog:
HoneyBlog
Perforin's virii.lu:
virii.lu
The Outside Of The Asylum:
ab in die anstalt


Powered By ...?
eXTReMe Tracker

Quicksearch

Categories



All categories

Archives

Letzte Goggele Suche

"© 2011 Powered by Subrion CMS"
"© 2011 Powered by Subrion CMS"
4521569111
dlsldododl
d0rk new 2011
ipays exploit
ipays - exploit
pbot dragonfly irc.byroe
Powered by Ollance Member Login Script
"prefix"=>"bodao","maxrand"=>"8",
intitle:© 2011 Powered by Subrion CMS
sandbox 2304 fehler
powered by zoopeer
powered by zoopeer
remote-exploit sathyajith
irc.kamtiez.web.id pbot shot|
irc.cyberirc.org bot
213.251.169.156 pbot
in my world theres no left right grospolina
"Powered By Zoopeer"
"Powered By Zoopeer"
mail.indoserver.web.id
grospolina
"powered by zoopeer"
yourwebinterface.com
"@+#+irc.ascnet.biz"
Threaded Mode | Linear Mode powered by zoopeer
Threaded Mode | Linear Mode powered by zoopeer
Threaded Mode | Linear Mode powered by zoopeer
Threaded Mode | Linear Mode powered by zoopeer
verfassung und verfassungsvertrag guttenberg
dumme musikindustrie

Syndicate This Blog

Exploit-db, feed me!

[local] - ispVM System XCF File Handling Overflow

Tuesday, May 29. 2012
[webapps] - PBBoard v2.1.4 Multiple SQL Injection Vulnerabilities

Tuesday, May 29. 2012
[dos] - WinRadius Server 2009 Denial Of Service

Tuesday, May 29. 2012
[dos] - Tftpd32 DNS Server 4.00 Denial Of Service

Tuesday, May 29. 2012
[webapps] - PBBoard 2.1.4 Local File Inclusion

Tuesday, May 29. 2012

Glasfeed

No RSS/OPML feed selected