[Dshield] Dalnet being used as a C&C server

Tomas L. Byrnes tomb at byrneit.net
Wed Jun 20 04:51:18 GMT 2007


As I said, much as I would like to be proactive, all emergency blocks go
through the storm center. That way we ensure proper incident handling is
followed, to include no compromise of a criminal investigation in
progress.

Contact the handlers using e-mail or their form, if you want us to
block.

 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Larry
> Sent: Tuesday, June 19, 2007 8:50 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Dalnet being used as a C&C server
> 
> Tomas L. Byrnes wrote:
> > If you don't see this site come down soon, you can ask the handler on
> > duty, Marc, or Johannes, to activate a ThreatSTOP Emergency block on
> > the host. People using our service block inbound and outbound, and we
> > have a channel in place to have the ISC Handlers push out an emergency
> > block, if they detect a malware seed or C&C site that they want taken
> > down, that isn't responsive. We only let the handlers do this, so
> > that the proper incident response methods are followed.
> > 
> 
> As of now the C&C channel is still active on dalnet. No
> response received from abuse, dalnet's exploit team or the
> server's admin.
> 
> the dalnet server specified was:  rumble.dal.net
> 
> root at dx-06 [/home/maxqe/public_html/status/exploit]# host rumble.dal.net
> rumble.dal.net is an alias for pool.dal.net.
> pool.dal.net has address 194.14.236.50
> 
> 
> 
> 
> * Now talking on #JagungNet
> * Topic for #JagungNet is:   --==|| welcome to 
> JagungNet at DaLNet ||==-- |
> http://crew jagungnet mengharamkan servis sepeda di a`hong 
> bengkel karang turi ========>>>>>>>a`hong seneng mangan duwek 
> e anak yatim
> * Topic for #JagungNet set by irhammna at Mon Jun 18 12:47:29 2007
> * #jagungnet :http://channels.dal.net/jagungnet
> <JagungNet> Met Datang E2-Larry
> 
> * Users on #Jagungnet: E2-Larry cE_3smP c3m0et_oChubby 
> co_band_sma_16fs c3m0etdz_oChubby Foxhunt heng_18 @JagungNet 
> co-caem @JagungNetLA IrcBotC0ps
> 


