To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hey Fellas,

I managed to get my cisco 2924xl at home properly spanned, and I installed snort/acid on one of my debian boxes. Since I'm sitting here watching the attacks pile in (I've got business cable with time warner), I'm wondering how exactly to actually mitigate the issues. I see literally thousands of ssh bruteforce attempts, various mysql worms, attempted mambo exploits..

I see this as being valuable for a couple of reasons

1) These are very likely existing bots (or owned by herders to attempt to find more vulnerable hosts).
2) The data is very easily exported and/or viewed by folks from here (if anyone is so inclined)

I was curious how many people on the list are using active response systems for their IDS installations. If so, which ones? I'm also the head Unix/Network sysadmin at my place of work, so anything decent I'll likely be implementing at work (obviously, there I have a budget :)

Any input is appreciated!

-Dan
itkinetix.com

Jon Macfarlane wrote:
> Sorry folks, just realised I made a mistake, this one was really
>
> 207.155.70.204 port 5001
>
> It is still up.
>
>
> Jon Macfarlane wrote:
>> 207.155.70.204 port 7000
>>
>> I don't have the executable, all I have is the following commands,
>> picked up by my IDS.
>>
>> NICK GBR|56822172
>> USER riussgkva 0 0 :GBR|56822172
>> JOIN #test shot
>> join #s1,#s2,#s3,#s4 -s
>>
>> I can connect to the server but can't seem to join a channel so I have
>> no idea how many bots it has. Maybe someone who has a better idea about
>> these things can check this out.
>>
>> Thanks
>>
>> Jon Macfarlane
>> Network & Systems Security Officer
>> Kings College London

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
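
Added example, not part of the original thread and not written by either poster: a small Python triage script that parses the client side of an IRC session, such as the four lines the IDS captured in the report above, and scores it for bot-like registration. The nick pattern, the individual signals and their equal weighting are assumptions chosen for illustration; each is a weak signal on its own.

```python
import re

# Assumed heuristic: nick built as COUNTRY|digits, as in the reported "GBR|56822172".
BOT_NICK = re.compile(r"^[A-Z]{2,3}\|\d{5,}$")

def parse_irc_line(line):
    """Split one client-to-server IRC line into (COMMAND, [params])."""
    line = line.strip()
    if not line:
        return None
    if line.startswith(":"):                 # optional prefix, not needed here
        _, _, line = line.partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None
    params = parts[1:] + ([trailing] if sep else [])
    return parts[0].upper(), params          # IRC commands are case-insensitive

def score_session(lines):
    """Return (score, reasons) for the client lines of one TCP session."""
    reasons, nick = [], None
    for raw in lines:
        parsed = parse_irc_line(raw)
        if parsed is None:
            continue
        cmd, params = parsed
        if cmd == "NICK" and params:
            nick = params[0]
            if BOT_NICK.match(nick):
                reasons.append("nick matches COUNTRY|digits pattern: " + nick)
        elif cmd == "USER" and params and nick and params[-1] == nick:
            reasons.append("realname is a copy of the nick")
        elif cmd == "JOIN" and params:
            channels = params[0].split(",")
            if len(params) > 1 and len(channels) == 1:
                reasons.append("keyed channel join: " + channels[0])
            if len(channels) >= 3:
                reasons.append("bulk join of %d channels" % len(channels))
    return len(reasons), reasons

# The four lines from the report above, then a constructed ordinary client.
REPORTED = ["NICK GBR|56822172", "USER riussgkva 0 0 :GBR|56822172",
            "JOIN #test shot", "join #s1,#s2,#s3,#s4 -s"]
ORDINARY = ["NICK dan", "USER dan 0 * :Dan", "JOIN #debian"]  # constructed sample

if __name__ == "__main__":
    for name, session in (("reported", REPORTED), ("ordinary", ORDINARY)):
        print(name, score_session(session))
```
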
