[Oisf-users] Re: Record traffic as soon as a threat is detected

Jean-Michel Pouré jm at poure.com
Fri Sep 29 08:37:23 UTC 2017


On Thursday, 28 September 2017 at 16:18 -0600, Francis Trudeau wrote:
> For the record, that IP is a true positive:
> https://ransomwaretracker.abuse.ch/ip/209.99.40.222/

Thanks.

I noticed that too. It was 2 days ago. Around 3:00 in the morning, I
had Trojan ransomware onion domain lookups. This looks like a series of
DNS lookups.

This is quite surprising, as my local network is mostly composed of
security devices, including OpenBSD, FreeBSD and some Linux. It could
be a download of a ban list followed by DNS queries.

Anyway, even if this is a home network, I need to monitor more closely
what is going on. Detecting threats is not enough. You also need to
analyse the traffic and logs ...

Kind regards,
Kellogs
