To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Monday 08 January 2007 at 08:35 -0500, Sean Zadig wrote:
> Greetings all,
>
> I'm looking for suggestions on innovative ways to find zombie machines on my
> networks. Right now, we're looking for IRC traffic and doing some checking
> for connections to C&C machines (using Shadowserver and various other C&C
> lists).
>
> Do any of you have any recommendations for other methods? So far, I haven't
> been able to find too much zombie activity, but I have a feeling it's there.
> We simply have too many machines for there not to be some activity.
>
> Thanks,
> Sean Zadig
>
> Sean Zadig
> Special Agent
> NASA OIG Computer Crimes Division
> Goddard Space Flight Center
> 301.286.8232
> PGP Key: 0xE9659D75
>
You may install nepenthes (http://nepenthes.mwcollect.org/) somewhere in your network.
For example, one day, I was doing a presentation and nepenthes was running on my laptop. I plugged my machine into the network and I "accidentally" caught a malware ...

--
Christophe Monniez <[EMAIL PROTECTED]>
www.d-fence.be - www.lnx4n6.be
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
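
The checks discussed in this thread (C&C list matching, IRC traffic, and an internal honeypot sensor such as nepenthes) combined in one pass over flow records, as an added example that is not part of the original posts. The flow record format, all addresses and the list contents are constructed for illustration, and honeypot contact is modeled simply as any internal flow to the sensor's address.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed inputs: documentation-range addresses, not real indicators.
CNC_LIST = {"203.0.113.10", "198.51.100.77"}   # would be loaded from a C&C feed
HONEYPOT_IPS = {"10.0.5.250"}                  # assumed internal sensor address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
IRC_PORTS = set(range(6660, 6670)) | {6697}
IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PASS) ", re.IGNORECASE)

# Constructed flow records: src dst dst_port first-payload-line
SAMPLE_FLOWS = """\
10.0.1.15 203.0.113.10 8080 GET /index.html HTTP/1.0
10.0.1.22 192.0.2.44 6667 NICK helpdesk_user
10.0.2.31 192.0.2.91 31337 NICK a83kd
10.0.2.31 10.0.5.250 445 -
10.0.3.40 192.0.2.80 80 GET / HTTP/1.1
"""

def find_suspects(flow_text):
    """Return {internal_ip: sorted list of reasons it was flagged}."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue  # malformed record
        src, dst = parts[0], parts[1]
        payload = parts[3] if len(parts) > 3 else ""
        try:
            if ipaddress.ip_address(src) not in INTERNAL_NET:
                continue  # only internal sources are candidates
            port = int(parts[2])
        except ValueError:
            continue  # unparsable address or port
        if dst in CNC_LIST:
            hits[src].add("cnc-list")
        # IRC is matched on protocol content, so a C&C channel moved
        # off the usual ports is still seen and labelled separately.
        if IRC_CMD.match(payload):
            hits[src].add("irc" if port in IRC_PORTS else "irc-odd-port")
        # Nothing legitimate should talk to the sensor, so any internal
        # host reaching it is worth a look.
        if dst in HONEYPOT_IPS:
            hits[src].add("honeypot-contact")
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in sorted(find_suspects(SAMPLE_FLOWS).items()):
        print(ip, ",".join(reasons))
```

Hosts flagged by more than one signal, such as IRC on an unusual port plus contact with the sensor, are the ones to triage first.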
