[Dshield] Dalnet being uses as a C&C server

Larry lbrower at servermanagementsolutions.com
Wed Jun 20 03:50:14 GMT 2007

Tomas L. Byrnes wrote:
> If you don't see this site come down soon, you can ask the handler on
> duty, Marc, or Johannes, to activate a ThreatSTOP Emergency block on the
> host. People using our service block inbound and outbound, and we have a
> channel in place to have the ISC Handlers push out an emergency block,
> if they detect a malware seed or C&C site that they want taken down,
> that isn't responsive. We only let the handlers due this, so that the
> proper incident response methods are followed.

As of now the C&C channel is still active on dalnet. no response
received from abuse, dalnets exploit team or the servers admin

the dalnet server specified was:  rumble.dal.net

root at dx-06 [/home/maxqe/public_html/status/exploit]# host rumble.dal.net
rumble.dal.net is an alias for pool.dal.net.
pool.dal.net has address

* Now talking on #JagungNet
* Topic for #JagungNet is:   --==|| welcome to JagungNet at DaLNet ||==-- |
http://crew jagungnet mengharamkan servis sepeda di a`hong bengkel
karang turi ========>>>>>>>a`hong seneng mangan duwek e anak yatim
* Topic for #JagungNet set by irhammna at Mon Jun 18 12:47:29 2007
* #jagungnet :http://channels.dal.net/jagungnet
<JagungNet> Met Datang E2-Larry

* Users on #Jagungnet: E2-Larry cE_3smP c3m0et_oChubby co_band_sma_16fs
c3m0etdz_oChubby Foxhunt heng_18 @JagungNet co-caem @JagungNetLA IrcBotC0ps

More information about the list mailing list