To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
On Tue, 2006-06-13 at 11:53 -0700, dan wrote: > [...] and I'd like to > find myself in a situation where I can report potential bot infections > from work, and potential existing bots from home, then attempt to > correlate the data.
...then Snortsam is the tool for you. You can have Snort at work detect nasty stuff and block those IPs at work *and* at home, and Snort at home can block at home and at work. A group of us (two MSSPs and two EDUs) are actually sharing block data in an active response network. We have incorporated additional source feeds, such as known botnet C&C IPs, active bot zombie snoops, automatic malware detection and automatic/manual phishing site prevention. All based on a meshed Snortsam network which in essence shares/forwards block requests. You can run this in a two node setup at home/work very quickly and easily. If you like to contribute credible block information (ie malware from your local ISP segment or botnet activity you might detect), we could consider peering the block feeds with you. At present this has been in an experimental stage, but I think we're ready to start scaling this up carefully. So, if you're interested in participating, please let me know, and we'll get you plugged in. Cheers, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
