The original text is as follows:
An abuse ticket has been submitted with details as described in the mail.
We request you to take necessary action to resolve the abuse within 24 hours.
If no action is taken within 24 hours we will NULL the IP.
Following are the details of the ticket submitted:
##########################################################################################
Subject: [July 24][TCP probes]IP addresses of suspected botnet computers listed inside, please notify the victims (owners of those computers).
Hello,
This is a notification of unauthorized uses of systems or networks.
On July 24, 2020, a total of 3 IP addresses from your networks
probed my servers for TCP open ports. Their connection attempts have all
passed TCP's 3-way handshake, so you can trust the source IP addresses to
be correct. Due to their dubious behavior, they are suspected to be
compromised botnet computers.
The log of TCP port scans is included below for your reference
(time zone is UTC). To prevent this mail from getting too big in size,
at most 5 attempts from each attacker IP are included.
If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to various TCP ports of my server at the time logged,
and I suspect that they also connected to TCP ports of many other IPs.
If a Linux system was at the attacker's IP, you might want to use the
command "netstat -ntp" to list its active network connections. If there
is still some suspicious connection, find out what PID/program/user ID they
belong to. You might find something to help you solve this problem.
Please notify the victims (owners of those botnet computers) so that they
can take appropriate action to clean their computers, before even
more severe incidents, like data leakage, DDoS, and the rumored NSA spying
through hijacked botnets, arise. This also helps prevent botnets from
taking up your network bandwidth.
Chih-Cherng Chin
Daily Botnet Statistics
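The notice suggests running "netstat -ntp" on the reported host and tracing suspicious connections back to a PID/program. The following is an added example, not part of the notice or the sender's tooling: it groups that output by process and reports processes that initiated connections to many distinct remote hosts. The sample output, the process name "updater", the function name and the 32768 ephemeral-port cutoff (the Linux default lower bound) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `netstat -ntp` output: documentation-range
# addresses, invented PIDs, hypothetical process name "updater".
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp   0  0 192.0.2.10:22      198.51.100.7:51234  ESTABLISHED 812/sshd: admin
tcp   0  0 192.0.2.10:22      198.51.100.8:40022  ESTABLISHED 901/sshd: ops
tcp   0  0 192.0.2.10:48210   198.51.100.20:443   ESTABLISHED 1503/curl
tcp   0  1 192.0.2.10:40112   203.0.113.5:23      SYN_SENT    4242/updater
tcp   0  1 192.0.2.10:40114   203.0.113.6:23      SYN_SENT    4242/updater
tcp   0  1 192.0.2.10:40116   203.0.113.7:2323    SYN_SENT    4242/updater
tcp   0  0 192.0.2.10:40118   203.0.113.8:23      ESTABLISHED 4242/updater
tcp   0  1 192.0.2.10:40120   203.0.113.6:2323    SYN_SENT    4242/updater'

# Usage: netstat -ntp | fanout_by_process [MIN_HOSTS]
# Prints "<distinct remote hosts> TAB <SYN_SENT count> TAB <PID/program>"
# for every process that reaches at least MIN_HOSTS distinct remote hosts.
fanout_by_process() {
    min_hosts="${1:-4}"
    awk -v min="$min_hosts" '
        # Split "addr:port" on the LAST colon so IPv6 addresses also work.
        function port_of(a,   p, n) { n = split(a, p, ":"); return p[n] }
        function host_of(a) { return substr(a, 1, length(a) - length(port_of(a)) - 1) }
        $1 !~ /^tcp/ || NF < 7 { next }                  # headers, short lines
        $6 != "SYN_SENT" && $6 != "ESTABLISHED" { next }
        port_of($4) + 0 < 32768 { next }   # local port not ephemeral: likely inbound
        {
            # Field 7 onward is PID/Program name; the name may contain spaces.
            proc = $7; for (i = 8; i <= NF; i++) proc = proc " " $i
            host = host_of($5)
            if (!((proc, host) in seen)) { seen[proc, host] = 1; hosts[proc]++ }
            if ($6 == "SYN_SENT") pending[proc]++
        }
        END {
            for (proc in hosts)
                if (hosts[proc] >= min)
                    printf "%d\t%d\t%s\n", hosts[proc], pending[proc] + 0, proc
        }' | LC_ALL=C sort -rn
}

# Demo on the constructed sample; on a live host pipe `netstat -ntp` instead.
printf '%s\n' "$SAMPLE" | fanout_by_process 4
```

Run netstat as root so the PID/Program column is populated rather than "-"; `ps -o user=,pid=,args= -p <PID>` then gives the owning user and command line for a reported PID.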