To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi,
Just got back from Layer One conference in Pasadena. Got a lot of interest in Shadowserver group. I found some very interested programmers interested in working on our SpamCrunchers project.

Back in 2004, I did a "proof of performance" of the system, and in these tests we shut down approx 750,000 infected hosts with a very aggressive spam reporting system, not only reporting spam, but also reporting bogus whois info on both domains and IP blocks. We also wrote some very interesting Spam traffic analysis displays... we learned that any given IP address would send us approx 5 - 8 spams. The average lifetime of the infected machine was approx 3 weeks, but we were able to cut that way down during our tests.

We also want to write code to help sniff out botnets, or gather data on them for Law Enforcement officials in helping their investigations. We are going to need to know their standards and requirements. I'm going to try to bring in more LE types.

Most of our work is in Python, because of its security and robust array bounds checking and other nice things it does. Our Analysis engine will be HTML based, so any machine with a browser can interface to it. Most of our client-server work would be in Twisted Python. System will be designed to run as a normal user. It will be using the PostgreSQL and Python plugin for the database.

We already have a HUGE database of just about every IP block on the internet, linking to an "abuse" email for reporting purposes. It's pretty old and has to be updated. I also have some experimental code that goes to the Looking Glass servers and gets the upstream providers. Comes in handy if I have to "Go over the head" of an errant ISP or uncooperative one.

I thought about setting up a special Whois server for extracting abuse Emails from IPs. I'm sure there are some out there now, but running one is going to take resources I don't have... A PHAT PIPE and a PHAT PHAST BOX.
If any Botnet hunters out there need any specific tools or nice web based interfaces to their tools, let us know. Our goals are to put together a "Spam and Bot eradication kit" - I suppose that would be a good name for it. An SBEK.... :-)

John

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
