To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
There used to be a very old filestatistics programme arround, long before the arrival of MSDOS. That programme counted the occurence of any byte value divided by the size of the file. You might look at all leagal and not so shure wether legal or not http servers in your net. Looking at the pattern will tell you when something new happens. Sean Zadig wrote: | To report a botnet PRIVATELY please email: [EMAIL PROTECTED] | ---------- | Greetings all, | | I'm looking for suggestions on innovative ways to find zombie machines on my | networks. Right now, we're looking for IRC traffic and doing some checking | for connections to C&C machines (using Shadowserver and various other C&C | lists). | | Do any of you have any recommendations for other methods? So far, I haven't | been able to find too much zombie activity, but I have a feeling it's there. | We simply have too many machines for there not to be some activity. | | Thanks, | Sean Zadig | | Sean Zadig | Special Agent | NASA OIG Computer Crimes Division | Goddard Space Flight Center | 301.286.8232 | PGP Key: 0xE9659D75 | | ! WARNING ! This publicly distributed email including any attachments is intended only for | authorized recipients. Recipients may only forward this information as | authorized. This email may contain non-public information that is "Law | Enforcement Sensitive," "Sensitive but Unclassified," or otherwise subject | to the Privacy Act and/or legal and other applicable privileges that | restrict release without appropriate legal authority and clearance. | Accordingly, the use, dissemination, distribution or reproduction of this | information to or by unauthorized or unintended recipients, including but | not limited to non-NASA recipients, may be unlawful. | | _______________________________________________ | To report a botnet PRIVATELY please email: [EMAIL PROTECTED] | All list and server information are public and available to law enforcement upon request. | http://www.whitestar.linuxbox.org/mailman/listinfo/botnets | - -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher-Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFFolPBPGG/Vycj6zYRAsp8AJ0f2oVI6QeggioUZBQb8HShUSaZZACfaoH3 oP/RnvG2Kav3Owj/8nnvYGI= =e6wx -----END PGP SIGNATURE----- _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
