To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Jess Kitchen wrote:
> On Fri, 3 Mar 2006, Thomas Raef wrote:
>
>
>>I've been using a Linux box with iptables and l7-filter to detect
>>botnets on local networks.
>>
>>It's done quite a fine job of detecting the traffic rather than just
>>identifying it by destination port.
>>
>>Anyone else trying this?
>
>
> Was doing something similar with ngrep and port mirroring in a couple of
> places. The expression was IRC-specific but it did show up a few things
> that otherwise slipped under the radar.
>
> Are you looking for Jabber and other methods too? Not sure how prevalent
> they are but I'm guessing it's on the increase - Gadi will probably be
> able to tell us more.
>
> I do also wonder how popular SSL transport is.

Killing more C&Cs without doing anything else, such as getting
these guys in prison, active R&D, etc., is only BAD. However, even if IRC
is not the only protocol used, it is perfect for them:

1. IRC servers are everywhere.
2. IRC clients and libraries are everywhere.
3. Moving an IRC server is very easy.
4. We still haven't found a very efficient way of fighting them.

Etc., so even if they do a lot more, they don't really currently need to.

Gadi.

>
> Cheers,
> Jess.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
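
The thread describes spotting IRC command-and-control by what the traffic contains rather than by destination port. The sketch below is an added example, not code from the thread and not the l7-filter or ngrep expression the posters used; the regex, the list of "expected" IRC ports and the sample flows are all constructed assumptions.

```python
import re

# IRC client commands at the start of a line, with an optional ":prefix ".
# Assumption: this pattern is written for this example; it is not l7-filter's.
IRC_LINE = re.compile(
    rb"^(?::\S+ )?(NICK|USER|PASS|JOIN|PRIVMSG|PING|PONG|MODE) \S",
    re.IGNORECASE,
)

# Assumption: ports a site treats as ordinary IRC; anything else is notable.
IRC_PORTS = set(range(6660, 6670)) | {7000}


def irc_commands(payload: bytes) -> list[str]:
    """Return the IRC commands that begin lines of a reassembled payload."""
    found = []
    for line in payload.splitlines():
        match = IRC_LINE.match(line)
        if match:
            found.append(match.group(1).decode().upper())
    return found


def classify(dst_port: int, payload: bytes) -> str:
    """Label a flow by payload content first, destination port second."""
    cmds = irc_commands(payload)
    # Require the NICK + USER registration pair so a single stray keyword
    # in another protocol does not trigger a match.
    if not ("NICK" in cmds and "USER" in cmds):
        return "other"
    return "irc" if dst_port in IRC_PORTS else "irc-nonstandard-port"


# Constructed sample flows: (destination port, first client payload bytes).
SAMPLE_FLOWS = [
    (6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    (8080, b"PASS secret\r\nNICK x1\r\nUSER x1 0 * :x1\r\nJOIN #chan\r\n"),
    (80, b"GET /user HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (25, b"EHLO mail.example.test\r\n"),
]


def report(flows=SAMPLE_FLOWS) -> list[tuple[int, str]]:
    """Classify each flow; a port-only filter would miss the 8080 entry."""
    return [(port, classify(port, data)) for port, data in flows]


if __name__ == "__main__":
    for port, label in report():
        print(f"dst port {port}: {label}")
```

Payload matching of this kind only sees cleartext, so the SSL transport raised in the thread would leave it with nothing to match.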