To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- john ralbowsky napsal(a): > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > hello guys, > > we are an ISP and operate a small, ca. 2000 end-user > network. I'm not going to dig in details how many of > those uneducated [I'd really like to use another word] > experts are infected by some form of virus, trojan, > malware etc; our rough estimate is that it's at least > 50%... > > Being a long-term reader of shadowserver messages, I > wonder if it's possible somehow to grab list of all > C&C servers in shadowserver's database. We would like > to filter our those destination IPs in order to > prevent our "clients" to be commanded as several times > last week we were participating in attacking somebody > in Korea...
i think you can also use: * bleeding-botcc.rules * bleeding-botcc-BLOCK.rules from bleeding snort communty at http://doc.bleedingthreats.net/bin/view/Main/AllRulesets regards bodik _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets