To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
john ralbowsky napsal(a):
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
> hello guys,
>
> we are an ISP and operate a small, ca. 2000 end-user
> network. I'm not going to dig in details how many of
> those uneducated [I'd really like to use another word]
> experts are infected by some form of virus, trojan,
> malware etc; our rough estimate is that it's at least
> 50%...
>
> Being a long-term reader of shadowserver messages, I
> wonder if it's possible somehow to grab list of all
> C&C servers in shadowserver's database. We would like
> to filter our those destination IPs in order to
> prevent our "clients" to be commanded as several times
> last week we were participating in attacking somebody
> in Korea...
i think you can also use:
* bleeding-botcc.rules
* bleeding-botcc-BLOCK.rules
from bleeding snort communty at
http://doc.bleedingthreats.net/bin/view/Main/AllRulesets
regards
bodik
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
