Отменен

Esperto in sicurezza linux per rimozione botnet

Necessito di esperto in sicurezza in ambiente Linux per rimozione

"Glupteba botnet controller located" su server Centos5

Si vede l'attività dal tcpdump:

tcpdump port 30577
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:57:41.493091 IP 089144216205.atnat0025.highway.a1.net.60712 > 83-103-59-99.ip.fastwebnet.it.30577: S 793001131:793001131(0) win 16384 <mss 1424,nop,nop,sackOK>
20:57:46.990408 IP mail.minnovo.com.au.63160 > 83-103-59-99.ip.fastwebnet.it.30577: S 1021447317:1021447317(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
20:57:46.997092 IP 178-220-157-96.dynamic.isp.telekom.rs.10663 > 83-103-59-99.ip.fastwebnet.it.30577: S 1317618282:1317618282(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
20:57:49.181674 IP static.213-239-213-7.clients.your-server.de.41161 > 83-103-59-99.ip.fastwebnet.it.30577: S 1514386344:1514386344(0) win 14600 <mss 1460,sackOK,timestamp 2068741913 0,nop,wscale 7>
20:57:49.965064 IP 178-220-157-96.dynamic.isp.telekom.rs.10663 > 83-103-59-99.ip.fastwebnet.it.30577: S 1317618282:1317618282(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
20:57:49.971995 IP mail.minnovo.com.au.63160 > 83-103-59-99.ip.fastwebnet.it.30577: S 1021447317:1021447317(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
20:57:50.171988 IP static.213-239-213-7.clients.your-server.de.41161 > 83-103-59-99.ip.fastwebnet.it.30577: S 1514386344:1514386344(0) win 14600 <mss 1460,sackOK,timestamp 2068742913 0,nop,wscale 7>
20:57:52.153359 IP static.213-239-213-7.clients.your-server.de.41161 > 83-103-59-99.ip.fastwebnet.it.30577: S 1514386344:1514386344(0) win 14600 <mss 1460,sackOK,timestamp 2068744913 0,nop,wscale 7>
20:57:55.913384 IP 178-220-157-96.dynamic.isp.telekom.rs.10663 > 83-103-59-99.ip.fastwebnet.it.30577: S 1317618282:1317618282(0) win 8192 <mss 1400,nop,nop,sackOK>
20:57:55.922791 IP mail.minnovo.com.au.63160 > 83-103-59-99.ip.fastwebnet.it.30577: S 1021447317:1021447317(0) win 8192 <mss 1460,nop,nop,sackOK>
20:57:57.245519 IP 41.130.105.100.jetcmeserver > 83-103-59-99.ip.fastwebnet.it.30577: S 4012104696:4012104696(0) win 65535 <mss 1452,nop,nop,sackOK>
20:57:58.131629 IP broadband.customer.azadnet.net.53035 > 83-103-59-99.ip.fastwebnet.it.30577: S 1929384511:1929384511(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>

12 packets captured
12 packets received by filter
0 packets dropped by kernel
--------------------------------------------------------------------------------------------------------
non vedo processi con ps o netstat

Навыки: Интернет-безопасность, Linux

О работодателе:
( 0 отзыв(-а, -ов) ) Italy

ID проекта: #8217229