Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Are you sure the back door is locked?

rocksolid / Security / Re: Mirai Botnet DNS query

SubjectAuthor
* Mirai Botnet DNS queryMarc SCHAEFER
`- Re: Mirai Botnet DNS queryAnonymous

1
Subject: Mirai Botnet DNS query
From: Marc SCHAEFER
Newsgroups: rocksolid.shared.security
Organization: Posted through news.alphanet.ch
Date: Fri, 14 Jul 2023 07:41 UTC
Path: eternal-september.org!news.eternal-september.org!news.xorox.net!news.alphanet.ch!alphanet.ch!.POSTED!not-for-mail
From: schaefer@alphanet.ch (Marc SCHAEFER)
Newsgroups: rocksolid.shared.security
Subject: Mirai Botnet DNS query
Date: Fri, 14 Jul 2023 07:41:51 -0000 (UTC)
Organization: Posted through news.alphanet.ch
Message-ID: <u8qu7v$6bt$1@shakotay.alphanet.ch>
Injection-Date: Fri, 14 Jul 2023 07:41:51 -0000 (UTC)
Injection-Info: shakotay.alphanet.ch; posting-account="schaefer";
logging-data="6525"; mail-complaints-to="usenet@alphanet.ch"; posting-host="634ce6c9682d817d72f6177875e2bb4f.nnrp.alphanet.ch"
User-Agent: tin/2.4.3-20181224 ("Glen Mhor") (UNIX) (Linux/4.19.0-24-amd64 (x86_64))
Cancel-Lock: sha256:iOuzSYkqilxpIaVsd9O3R+mBa5RSAERTDzgSr98nL2s= sha256:dJb+8ZEiLXS/jd7QUBNQJxIp+ZtLAUxlrnCQOewHgCA=
View all headers

Hello,

Does anyone know what the gosec.me domain was? A malware seems to try
to DNS A-resolve this and fails (SERVFAIL).

Maybe this was a DDoS?

Thank you for any pointers. I am just interested, it has no real value
to know that.

Subject: Re: Mirai Botnet DNS query
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Fri, 14 Jul 2023 16:31 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: Anonymous@rocksolidbbs.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: Mirai Botnet DNS query
Date: Fri, 14 Jul 2023 16:31:27 +0000
Organization: RetroBBS
Message-ID: <527400afa8af6a9f48b7d84b357b2c30@rocksolidbbs.com>
References: <u8qu7v$6bt$1@shakotay.alphanet.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org;
logging-data="3272875"; mail-complaints-to="usenet@i2pn2.org";
posting-account="qk6pvs/sIyKYNRNFdjVS+ghlZZkCUq7cWs+7p7kaLpU";
User-Agent: Rocksolid Light 0.8.5
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on i2pn2.org
X-Rslight-Site: $2y$10$YJX7Sha2KEaBKt7Rmr5sZOaZTznq7R4.IQqmW.Gf1VsOYdKYJPumO
X-Rslight-Posting-User: b47da4f5d75d2e6d622c05424a406bf5739a21a2
View all headers

Marc SCHAEFER wrote:

> Hello,

> Does anyone know what the gosec.me domain was? A malware seems to try
> to DNS A-resolve this and fails (SERVFAIL).

> Maybe this was a DDoS?

> Thank you for any pointers. I am just interested, it has no real value
> to know that.

Wasn't that an IT security site?

--
Posted on RetroBBS

1

rocksolid light 0.9.8
clearnet tor