lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <9b13f6c105010603164ce550af@mail.gmail.com> From: infsec at gmail.com (Willem Koenings) Subject: Re: SQL injection worm ? On Wed, 5 Jan 2005 18:27:25 -0500 (EST), bugtraq@...security.net <bugtraq@...security.net> wrote: > Here is some additional information. > ? ircname : [UNC]69402 > | channels : #!processor > ? server : shellcodewarez.info (ScW Network) > : idle : 4 hours 57 mins 9 secs (signon: Tue Jan 4 23:40:01 2005) > ??????---?--??-??????---?--??-?????????--- -- - > | [UNC]73047 (vjfud@...013F.3F070E03.2BA09B8.IP) (unknown) > ? ircname : [UNC]73047 > | channels : +#!processor > ? server : shellcodewarez.info (ScW Network) > : idle : 4 hours 57 mins 26 secs (signon: Wed Jan 5 07:48:45 2005) > > As you can see they are masking the ip addresses. That depends. When new victim arrives on the channel, you can see his IP: [13:06] * [UNC]08801 (ngnvje@....93.182.253) has joined #!processor but on inquery it's really masked, yes: [13:07] [UNC]08801 is ngnvje@...5494.1E6027D8.277B9277.IP * [UNC]08801 [13:07] [UNC]08801 is on #!processor [13:07] [UNC]08801 using shellcodewarez.info ScW Network [13:07] [UNC]08801 has been idle 49 secs, signed on thursday jan 06 01:18 pm all the best, W.
Powered by blists - more mailing lists