Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

QOTD: "It's a cold bowl of chili, when love don't work out."

rocksolid / Security / Mirai Botnet DNS query

SubjectAuthor
* Mirai Botnet DNS queryMarc SCHAEFER
`- Mirai Botnet DNS queryAnonymous

1
Mirai Botnet DNS query

<u8qu7v$6bt$1@shakotay.alphanet.ch>

  copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=270&group=rocksolid.shared.security#270

  copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!i2pn.org!news.alphanet.ch!alphanet.ch!.POSTED!not-for-mail
From: schaefer@alphanet.ch (Marc SCHAEFER)
Newsgroups: rocksolid.shared.security
Subject: Mirai Botnet DNS query
Date: Fri, 14 Jul 2023 07:41:51 -0000 (UTC)
Organization: Posted through news.alphanet.ch
Message-ID: <u8qu7v$6bt$1@shakotay.alphanet.ch>
Injection-Date: Fri, 14 Jul 2023 07:41:51 -0000 (UTC)
Injection-Info: shakotay.alphanet.ch; posting-account="schaefer";
logging-data="6525"; mail-complaints-to="usenet@alphanet.ch"; posting-host="634ce6c9682d817d72f6177875e2bb4f.nnrp.alphanet.ch"
User-Agent: tin/2.4.3-20181224 ("Glen Mhor") (UNIX) (Linux/4.19.0-24-amd64 (x86_64))
Cancel-Lock: sha256:iOuzSYkqilxpIaVsd9O3R+mBa5RSAERTDzgSr98nL2s= sha256:dJb+8ZEiLXS/jd7QUBNQJxIp+ZtLAUxlrnCQOewHgCA=
 by: Marc SCHAEFER - Fri, 14 Jul 2023 07:41 UTC

Hello,

Does anyone know what the gosec.me domain was? A malware seems to try
to DNS A-resolve this and fails (SERVFAIL).

Maybe this was a DDoS?

Thank you for any pointers. I am just interested, it has no real value
to know that.

Re: Mirai Botnet DNS query

<527400afa8af6a9f48b7d84b357b2c30@rocksolidbbs.com>

  copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=271&group=rocksolid.shared.security#271

  copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: Anonymous@rocksolidbbs.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: Mirai Botnet DNS query
Date: Fri, 14 Jul 2023 16:31:27 +0000
Organization: RetroBBS
Message-ID: <527400afa8af6a9f48b7d84b357b2c30@rocksolidbbs.com>
References: <u8qu7v$6bt$1@shakotay.alphanet.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org;
logging-data="3272875"; mail-complaints-to="usenet@i2pn2.org";
posting-account="qk6pvs/sIyKYNRNFdjVS+ghlZZkCUq7cWs+7p7kaLpU";
User-Agent: Rocksolid Light 0.8.5
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on i2pn2.org
X-Rslight-Site: $2y$10$YJX7Sha2KEaBKt7Rmr5sZOaZTznq7R4.IQqmW.Gf1VsOYdKYJPumO
X-Rslight-Posting-User: b47da4f5d75d2e6d622c05424a406bf5739a21a2
 by: Anonymous - Fri, 14 Jul 2023 16:31 UTC

Marc SCHAEFER wrote:

> Hello,

> Does anyone know what the gosec.me domain was? A malware seems to try
> to DNS A-resolve this and fails (SERVFAIL).

> Maybe this was a DDoS?

> Thank you for any pointers. I am just interested, it has no real value
> to know that.

Wasn't that an IT security site?

--
Posted on RetroBBS

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor