To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
As I wrote directly to Mark, I'm sending comments to the list.

> what software do you use to do this?

Graphviz and a Perl module.

> what is the meaning of a directed line from one node to another?
> (e.g. communication in the direction
> of the arrow, or controlled by the thing the arrow points to...)

If a c&c domain uses more IPs, then there exist more edges to it. If another, different c&c domain uses any of the matched IPs, then another edge spans another group of IPs in this c&c, etc.

> is there any way to make this searchable?

Not directly.

> is there any way to try to cluster the machines which are close
> together (using any metric) to be physically close together?
> i'm not sure what metrics you might want to use. possibly just "in
> the same AS".

It's a good idea for the future.

Btw: Here is a small circle view, maybe better for quick structure correlation.

http://www.honeynet.cz/img/small-circo.jpg

Cheers
David Vorel
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
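The edge rule described in the message above, together with the "same AS" clustering raised in the quoted question, as an added Python example that is not the author's Perl code. It assumes edges point from C&C domain to IP; the domains, IPs and AS numbers are constructed from documentation ranges.

```python
from collections import defaultdict

# Constructed sample data: C&C domain -> IPs it resolved to.
RESOLUTIONS = {
    "cc1.example": ["192.0.2.10", "192.0.2.11", "198.51.100.5"],
    "cc2.example": ["198.51.100.5", "198.51.100.6"],
    "cc3.example": ["203.0.113.7"],
}
# Constructed IP -> AS number mapping, used only to group nodes visually.
IP_TO_AS = {"192.0.2.10": 64496, "192.0.2.11": 64496, "198.51.100.5": 64497,
            "198.51.100.6": 64497, "203.0.113.7": 64498}

def edges(resolutions):
    """One directed edge per (domain, IP) pair; direction is an assumption."""
    return sorted({(d, ip) for d, ips in resolutions.items() for ip in ips})

def shared_ip_groups(resolutions):
    """Group domains that are linked through at least one common IP."""
    parent = {d: d for d in resolutions}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    owner = {}  # IP -> first domain seen using it
    for d, ips in resolutions.items():
        for ip in ips:
            if ip in owner:
                parent[find(d)] = find(owner[ip])  # merge the two groups
            else:
                owner[ip] = d
    groups = defaultdict(list)
    for d in resolutions:
        groups[find(d)].append(d)
    return sorted(sorted(g) for g in groups.values())

def to_dot(resolutions, ip_to_as):
    """Emit Graphviz DOT; IPs in the same AS share one cluster box."""
    by_as = defaultdict(set)
    for ips in resolutions.values():
        for ip in ips:
            by_as[ip_to_as[ip]].add(ip)
    out = ["digraph cc {"]
    for asn in sorted(by_as):
        nodes = " ".join(f'"{ip}";' for ip in sorted(by_as[asn]))
        out.append(f'  subgraph cluster_as{asn} {{ label="AS{asn}"; {nodes} }}')
    out += [f'  "{d}" -> "{ip}";' for d, ip in edges(resolutions)]
    return "\n".join(out + ["}"])

print(to_dot(RESOLUTIONS, IP_TO_AS))
```

The printed DOT text can be rendered with Graphviz's `dot` or `circo` layout tools; `shared_ip_groups` shows that cc1.example and cc2.example fall into one group because both use 198.51.100.5.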