To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

In general, shut down the command and control (C&C) functionality and then attack the infected machines.
You will need to probably do a packet capture on your internet interface and look for machines talking to the outside world on weird port numbers. You can also do port scans on internal machines and see which ones have IRC ports open when you know they don't have an IRC client running. IRC is very common for C&C stuff but there are others. Also look for odd port numbers on machines that are listening. What is odd? ... that depends on what's on the machine OS and application wise. It's not much to go on but hopefully it's a start.

-----Original Message-----
From: Dave [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 19, 2006 4:51 PM
To: [email protected]
Subject: [botnets] What to do?

Hi Everyone,

What is the best approach to get a botnet shut down?

Thanks in advance,
Dave

_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
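
Added example, not part of the original thread: one way to triage the two checks the reply describes, outbound traffic on unusual ports and listeners that do not match what a host is supposed to run. The flow records, listener inventory, per-host baseline, expected-outbound set and the IRC port list are all assumptions constructed for illustration.

```python
import ipaddress

# Conventional IRC ports (assumption; C&C can run on any port).
IRC_PORTS = {194, 6697} | set(range(6660, 6670))
# Hypothetical site policy: outbound ports considered normal here.
EXPECTED_OUTBOUND = {25, 53, 80, 123, 443}

# Constructed sample data (documentation address ranges), standing in for
# flows summarized from a capture and ports found by an internal scan.
SAMPLE_FLOWS = [  # (src_ip, dst_ip, dst_port)
    ("10.0.0.5", "198.51.100.7", 443),
    ("10.0.0.8", "203.0.113.20", 6667),
    ("10.0.0.8", "203.0.113.20", 6667),
    ("10.0.0.9", "10.0.0.1", 53),
    ("10.0.0.12", "192.0.2.44", 31337),
]
SAMPLE_LISTENERS = {"10.0.0.5": {22, 443}, "10.0.0.8": {22, 6667}, "10.0.0.12": {22, 4444}}
# Hypothetical baseline: "odd" depends on what each machine should run.
EXPECTED_LISTENERS = {"10.0.0.5": {22, 443}, "10.0.0.8": {22}, "10.0.0.12": {22}}


def flag_outbound(flows, internal_nets, expected_ports=EXPECTED_OUTBOUND):
    """Return {internal_host: {(dst, port, reason)}} for internal-to-external flows
    on an IRC port or on a port outside the expected outbound set."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]

    def internal(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    findings = {}
    for src, dst, port in flows:
        if not internal(src) or internal(dst):
            continue  # only internal hosts talking to the outside world
        if port in IRC_PORTS:
            reason = "irc-port"
        elif port not in expected_ports:
            reason = "unexpected-port"
        else:
            continue
        findings.setdefault(src, set()).add((dst, port, reason))
    return findings


def flag_listeners(listeners, expected):
    """Return {host: sorted ports that are listening but not in the host's baseline}."""
    extras = {h: sorted(p - expected.get(h, set())) for h, p in listeners.items()}
    return {h: ports for h, ports in extras.items() if ports}
```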
