To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I understand one function of this list is to help establish a collaborative detection and reporting of botnets.
I've been monitoring the various connections that I feel are botnets, scanning the Comcast /24's. Many of them are in APNIC, some AFRINIC. Common ports I find open are 5000, 1025, 1026 and sometimes 80, which clearly are not standard functions. I'm finding an increase in SMTP port flood attempts - fortunately my configuration handles those gracefully. Anyhow, how can we reliably report botnet activity in a collective manner such that the information is functionally useful to everyone - perhaps for creating their own filters, etc. What methods can we use to verify (if possible) that the IP is in fact a botnet, or simply a rogue trojan/worm... etc. _F _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
