| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne)
Subject: Sobig has a surprise...
> >
> {{{sigh}}} They've been posted here more than once. They're on the Sophos
> website.
{{{bigger sigh}}}
>
> But here they are again, taken from my logs, so these are verified IPs that
> Sobig.f was contacting on 8998/UDP:
>
> /var/log/snort/special/12.158.102.205/UDP:8998-1228
> /var/log/snort/special/12.232.104.221/UDP:8998-1228
> /var/log/snort/special/218.147.164.29/UDP:8998-1228
> /var/log/snort/special/24.197.143.132/UDP:8998-1228
> /var/log/snort/special/24.202.91.43/UDP:8998-1228
> /var/log/snort/special/24.206.75.137/UDP:8998-1228
> /var/log/snort/special/24.210.182.156/UDP:8998-1228
> /var/log/snort/special/24.33.66.38/UDP:8998-1228
> /var/log/snort/special/61.38.187.59/UDP:8998-1228
> /var/log/snort/special/63.250.82.87/UDP:8998-1228
> /var/log/snort/special/65.177.240.194/UDP:8998-1228
> /var/log/snort/special/65.92.186.145/UDP:8998-1228
> /var/log/snort/special/65.92.80.218/UDP:8998-1228
> /var/log/snort/special/65.93.81.59/UDP:8998-1228
> /var/log/snort/special/65.95.193.138/UDP:8998-1228
> /var/log/snort/special/66.131.207.81/UDP:8998-1228
> /var/log/snort/special/67.73.21.6/UDP:8998-1228
> /var/log/snort/special/67.9.241.67/UDP:8998-1228
> /var/log/snort/special/68.38.159.161/UDP:8998-1228
> /var/log/snort/special/68.50.208.96/UDP:8998-1228
>
67.164.250.26/8998
129.244.36.194/8998
67.73.60.121/8998
218.146.139.246/8998
66.169.84.77/8998
68.50.208.96/8998
12.232.104.221/8998
218.147.164.29/8998
24.33.66.38/8998
12.158.102.205/8998
24.197.143.132/8998
24.206.75.137/8998
24.202.91.43/8998
24.210.182.156/8998
61.38.187.59/8998
65.92.80.218/8998
63.250.82.87/8998
65.92.186.145/8998
not all of these<any?, I only looked close enough to determine that some
67.xxxxx addies are not in the list provided here> are in your listing and
are the ones referenced by Jerry Heidtke. I think you missed a few posts and mis-read me totally.
Of course, I do not claim this is Jerry's complete listing either, I tried
quickly to eliminate dupes. but, if as Jerry reported there were at least
two variants of sobig.f, with at least two or more different address
lists, this might not be a done deal, as already said. I merely seek info
as to whether or not Jerry's findings have been verified by anyone else,
and if so, if these addresses too had been nullified, or is there yet more
to come?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists