To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I suppose one possibility, assuming that your sysadmin doesn't mind it, would be random port scans of the network. I've found tons of remote-control trojans on our network that way. It wouldn't catch everything, but it could provide some hints about what machines might be part of a botnet.

If you have some idea what the data in the packets is, you could also configure an IDS like Snort to detect and log those packets, which would give you the source and destination IP and ports. Packet sniffing via Ethereal or something similar is another possibility, I guess, but without an idea of what to look for, you'll be using lots of time and disk space to find the C&C packets.

I'm sure there are other ways, but those are the ones I can think of... I'm a newb, relatively speaking. :-P

>From: "Mary Henthorn" <[EMAIL PROTECTED]>
>To: <[email protected]>
>Subject: [botnets] C&C Communication
>Date: Sun, 2 Apr 2006 21:25:42 -0500
>
>I'm a senior technology analyst and a graduate computer science student.
>I'm particularly interested in finding ways to discover botnets that are
>using anything other than IRC as a C&C protocol by observing the enterprise
>network, rather than setting up honeypots. Any clues you could give me
>would be appreciated.
>
>Thanks
>
>Mary
>
>_______________________________________________
>All list and server information are public and available to law enforcement
>upon request.
>http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
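
The port-scan suggestion in the reply above, worked through as an added example that is not part of the original message: it compares the open ports found by an authorized scan of your own network against a baseline of services each host is expected to run, and lists the listeners nobody can account for. It assumes the scan was saved in nmap's grepable (`-oG`) format; the hosts, ports and baseline are constructed for illustration.

```python
# Constructed sample of `nmap -oG` (grepable) output; hosts and ports are made up.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 (fileserver)\tStatus: Up
Host: 10.0.0.5 (fileserver)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65533)
Host: 10.0.0.23 (desk-23)\tStatus: Up
Host: 10.0.0.23 (desk-23)\tPorts: 135/open/tcp//msrpc///, 6667/filtered/tcp//irc///, 31337/open/tcp//Elite///\tIgnored State: closed (65532)
Host: 10.0.0.40 ()\tPorts: 80/open/tcp//http///, 5554/open/tcp/////\tIgnored State: closed (65533)
"""

# Hypothetical baseline: the services each host is *supposed* to expose.
# A host missing from the baseline has no approved listeners at all.
BASELINE = {
    "10.0.0.5": {(22, "tcp"), (445, "tcp")},
    "10.0.0.23": {(135, "tcp")},
}


def parse_grepable(text):
    """Return {ip: {(port, proto): service}} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comments and blank lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            # Each entry is port/state/proto/owner/service/rpcinfo/version/
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    key = (int(parts[0]), parts[2])
                    hosts.setdefault(ip, {})[key] = parts[4] or "unknown"
    return hosts


def unexpected_listeners(scan_text, baseline):
    """List (ip, port, proto, service) for open ports absent from the baseline."""
    findings = []
    for ip, ports in sorted(parse_grepable(scan_text).items()):
        allowed = baseline.get(ip, set())
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings


if __name__ == "__main__":
    for ip, port, proto, service in unexpected_listeners(SAMPLE_SCAN, BASELINE):
        print(f"{ip}: unexpected {proto}/{port} ({service}) - check this host")
```

As the reply says, this only gives hints: an unexpected listener is a reason to look at the machine, and a bot that only makes outbound connections will not show up in a scan at all.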
