To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
You might also be interested in a live-cd distribution of nepenthes from http://www.lnx4n6.be/.

On Jan 15, 2007, at 5:08 PM, [EMAIL PROTECTED] wrote:

> On Mon, 8 Jan 2007, Sean Zadig wrote:
>
> :] I'm looking for suggestions on innovative ways to find zombie machines on my
> :] networks. Right now, we're looking for IRC traffic and doing some checking
> :] for connections to C&C machines (using Shadowserver and various other C&C
> :] lists).
> :]
> :] Do any of you have any recommendations for other methods? So far, I haven't
> :] been able to find too much zombie activity, but I have a feeling it's there.
> :] We simply have too many machines for there not to be some activity.
>
> Hello.
>
> I suggest You to find one machine and install on it:
> http://nepenthes.mwcollect.org/
>
> It's very beautiful software to collect malware from Your network.
>
> Secondly You can count how many packets per second (for ports
> 135,139,445) are being sent from one ip. If it's more than 10 pps
> to more than few ips it will be probably trojan infected (tcpdump +
> perl,bash etc.)
>
> Thirdly You can use [on Linux,Unix] my small script on routers
> which uses ngrep:
> http://kaneda.bohater.net/files/spamdetector.sh
>
> and count how many unique "MAIL FROM" strings are being sent from one ip to
> more than few smtp servers. This method I use to find spambots on my
> network. (I run this script every 10 minutes for few seconds)
> It's a very simple but very effective way to find spambots.
>
> Kanedaaa

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
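
The packet-rate check suggested in the quoted reply (more than 10 pps on ports 135, 139 and 445 to more than a few addresses), as an added example that is not part of the original thread or anyone's posted script. It assumes input in the text format printed by `tcpdump -tt -nn`, treats "a few" as 3, and runs on a constructed capture with made-up addresses.

```python
import re
from collections import defaultdict

WORM_PORTS = {135, 139, 445}   # ports named in the post
PPS_LIMIT = 10                 # from the post: "more than 10 pps"
MIN_TARGETS = 3                # assumption: the post only says "more than few ips"

# Matches `tcpdump -tt -nn` IPv4 lines: "<epoch> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(r"^(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
                     r"(\d+\.\d+\.\d+\.\d+)\.(\d+):")

def find_scanners(lines, pps_limit=PPS_LIMIT, min_targets=MIN_TARGETS):
    """Return {src: (pps, distinct_dsts)} for sources exceeding both thresholds."""
    packets, targets = defaultdict(int), defaultdict(set)
    first = last = None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # ARP, IPv6, truncated lines
        ts, src, dst, dport = float(m[1]), m[2], m[3], int(m[4])
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        if dport in WORM_PORTS:
            packets[src] += 1
            targets[src].add(dst)
    if first is None:
        return {}
    window = max(last - first, 1.0)       # do not inflate rates on sub-second captures
    return {src: (n / window, len(targets[src])) for src, n in packets.items()
            if n / window > pps_limit and len(targets[src]) > min_targets}

def sample_capture(t0=1168880000.0):
    """Constructed two-second capture; all addresses are made up for the example."""
    def pkt(ts, src, dst, dport):
        return f"{ts:.6f} IP {src}.1025 > {dst}.{dport}: Flags [S], length 0"
    lines = [pkt(t0 + i / 30, "10.0.0.5", f"10.0.1.{i % 30 + 1}", 445)   # sweeping host
             for i in range(60)]
    lines += [pkt(t0 + i / 20, "10.0.0.9", "10.0.0.2", 445)              # busy SMB client
              for i in range(40)]
    lines += [pkt(t0 + s, "10.0.0.7", f"10.0.2.{n}", 139)                # slow, few packets
              for n, s in enumerate((0.0, 0.5, 1.0, 2.0), 1)]
    lines.append("1168880001.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5")
    return lines

if __name__ == "__main__":
    for src, (pps, dsts) in find_scanners(sample_capture()).items():
        print(f"{src}: {pps:.1f} pps to {dsts} hosts on 135/139/445")
```

Requiring both thresholds is what keeps the busy SMB client (20 pps to a single file server) out of the result while the sweeping host is flagged.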
