2016-10-27 20:24 GMT+02:00 pa011 pa011@web.de:
Hi,
got the abuse below on three different exits. Anybody having any idea what to do and how to possibly stop this in the future? Thanks Paul
CERT-EU has received information regarding an infected IP belonging to your network, which may have security problems. The information regarding the problems is also included as attachments in both CSV and XML formats. All timestamps are in UTC. At this time we do not have any more information.
Where:
ASN: is the Autonomous System Number;
IP: the Internet Protocol address associated with this activity;
TIME: discovery time of the malicious activity;
PTR/DNAME: PTR/DNAME record
CC: ISO 3166-1 alpha-2 two-letter country code;
TYPE: type of the security problem or threat;
INFO: provides any additional information, if available.
asn|ip|time|ptr|cc|type|info|info2
ASxxxxx|xxx.xxx.xxx.xxx|25-10-2016 12:10:09Z|XX|botnet drone|Description: Ramnit botnet victim connection to sinkhole details, Timestamp : 1477397409.72, City : none, Count: 8, First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016
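The pipe-delimited report format described above, parsed as an added example (not code from the thread or from CERT-EU). The sample row is constructed: ASN and IP are documentation placeholders, and the layout assumes the eight header columns with an empty ptr field; the quoted row in the mail has fewer fields than the header, so the parser also rejects rows whose field count does not match rather than silently shifting columns. It additionally cross-checks the epoch "Timestamp" inside the info column against the time column, since the report states all times are UTC.

```python
"""Parse a pipe-delimited abuse report of the shape quoted in the thread (added example)."""
from datetime import datetime, timezone

# Constructed sample: the header from the report plus one row shaped like the
# quoted one, with placeholder ASN/IP and the ptr and info2 fields left empty.
SAMPLE_REPORT = (
    "asn|ip|time|ptr|cc|type|info|info2\n"
    "AS64496|192.0.2.10|25-10-2016 12:10:09Z||XX|botnet drone|"
    "Description: Ramnit botnet victim connection to sinkhole details, "
    "Timestamp : 1477397409.72, City : none, Count: 8, "
    "First Seen: 25-10-2016 12:10:09, Last Seen: 25-10-2016|\n"
)

# Constructed malformed row: the ptr column is missing entirely (6 fields, not 8),
# which is how the row quoted in the mail reads after extraction.
MALFORMED_SAMPLE = SAMPLE_REPORT + (
    "AS64496|192.0.2.11|25-10-2016 12:10:09Z|XX|botnet drone|Description: test\n"
)


def parse_time(value):
    """'25-10-2016 12:10:09Z' -> timezone-aware UTC datetime (all report times are UTC)."""
    return datetime.strptime(value, "%d-%m-%Y %H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_info(info):
    """Split 'Key : value, Key2: value2' into a dict.

    Only the first ':' in each chunk separates key from value, so values that
    themselves contain colons (the 'First Seen' time) survive intact.
    """
    result = {}
    for chunk in info.split(", "):
        if ":" not in chunk:
            continue
        key, value = chunk.split(":", 1)
        result[key.strip()] = value.strip()
    return result


def parse_report(text):
    """Return (records, problems).

    records: one dict per well-formed row, keyed by the header names, with the
             time column parsed and the info column expanded under 'details'.
    problems: (line number, reason) for rows whose field count differs from
              the header; these are reported instead of being misaligned.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("|")
    records, problems = [], []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split("|")
        if len(fields) != len(header):
            problems.append((lineno, f"expected {len(header)} fields, got {len(fields)}"))
            continue
        rec = dict(zip(header, fields))
        rec["time"] = parse_time(rec["time"])
        rec["details"] = parse_info(rec["info"])
        records.append(rec)
    return records, problems


def timestamp_matches(record):
    """True when the epoch 'Timestamp' in the info column agrees, to the second,
    with the report's time column; None when the info carries no Timestamp."""
    ts = record["details"].get("Timestamp")
    if ts is None:
        return None
    return int(float(ts)) == int(record["time"].timestamp())


def count_by_type(records):
    """Tally rows per 'type' value, which is what an operator triages on first."""
    counts = {}
    for rec in records:
        counts[rec["type"]] = counts.get(rec["type"], 0) + 1
    return counts


if __name__ == "__main__":
    recs, errs = parse_report(MALFORMED_SAMPLE)
    for r in recs:
        print(r["ip"], r["type"], r["time"].isoformat(), "timestamp ok:", timestamp_matches(r))
    for lineno, reason in errs:
        print(f"line {lineno}: {reason}")
    print(count_by_type(recs))
```

Feeding the real CSV attachment through `parse_report` gives one record per reported flow; the `time` column is what to compare against the exit's own connection logs, and a row that lands in `problems` should be read by hand rather than trusted positionally.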
On 28 Oct. 2016, at 09:33, Markus Koch niftybunny@googlemail.com wrote:
No. That's my problem too, around 90% of my abuse mails are bot related and you can't do anything about it.
If you know the destination IP address, and it's a bot Command & Control server, you could block it. The problem is, many use multiple C&C servers, some with dynamic DNS.
T