To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Feel free to send me the tcpdump of IPs to work on shutting down the DNS.
Anderson Fergie wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -- Tom <[EMAIL PROTECTED]> wrote: > > >> I think you missed the point. They have not only 100's of zombied >> > IPs that serve up http for drugs, phish, porn, etc. but they have > hundreds of zombied machines that do DNS for them as well. > > > Yep -- we call 'em "fast flux". > > For example, see: > > http://cert.uni-stuttgart.de/stats/dns-replication.php?query=differbe.hk&su > bmit=Query > > And then pick out one of the IPs, for example: > > http://cert.uni-stuttgart.de/stats/dns-replication.php?query=69.157.10.64&s > ubmit=Query > > You could keep this up for a while. :-) > > The real issue here is getting the various registrars to respond > to abuse issues -- some of them are not-so-helpful... > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > > wj8DBQFGQgsUq1pz9mNUZTMRAvLCAKD41GRv0I3+v9nVe3F1nWZRfu4LUgCghfH+ > /uz7gy+mAkJsvBEMNJrQJDo= > =hZgS > -----END PGP SIGNATURE----- > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets > > > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets