Hello Randall,

Monday, March 14, 2005, 2:49:41 PM, you wrote:

RM> Now that you two have reacquainted yourselves can we can back to the paper?

RM> -----Original Message-----
RM> From: [EMAIL PROTECTED]
RM> [mailto:[EMAIL PROTECTED] On Behalf Of pingywon
RM> Sent: Sunday, March 13, 2005 10:02 PM
RM> To: Egoist
RM> Cc: [email protected]; [EMAIL PROTECTED];
RM> dailydave
RM> Subject: Re: Re[2]: [Full-disclosure] Know Your Enemy: Tracking Botnets

RM> hello cock monger

RM> ~pingywon

RM> ----- Original Message -----
RM> From: "Egoist" <[EMAIL PROTECTED]>
RM> To: "pingywon" <[EMAIL PROTECTED]>
RM> Cc: "Thorsten Holz" <[EMAIL PROTECTED]>; "dailydave"
RM> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
RM> <[email protected]>
RM> Sent: Sunday, March 13, 2005 10:40 PM
RM> Subject: Re[2]: [Full-disclosure] Know Your Enemy: Tracking Botnets

>> Hello pingywon,
>>
>> Monday, March 14, 2005, 6:22:43 AM, you wrote:
>>
>> p> haha .. I didnt think anyone was REALLY named Thorsten
>>
>> p> ... I mean good paper....
>>
>> p> ~pingywon
>>
>>
>> p> ----- Original Message -----
>> p> From: "Thorsten Holz" <[EMAIL PROTECTED]>
>> p> To: "dailydave" <[EMAIL PROTECTED]>;
>> p> <[EMAIL PROTECTED]>; <[email protected]>
>> p> Sent: Sunday, March 13, 2005 10:08 PM
>> p> Subject: [Full-disclosure] Know Your Enemy: Tracking Botnets
>>
>>
>> >>
>> >> Greetings,
>> >>
>> >> The Honeynet Project and Research Alliance is excited to announce the
>> >> release of a new paper "KYE: Tracking Botnets". This paper is based on
>> >> the extensive research by the German Honeynet Project.
>> >>
>> >> KYE: Tracking Botnets
>> >> http://www.honeynet.org/papers/bots/
>> >>
>> >> Abstract:
>> >> ---------
>> >>
>> >> Honeypots are a well known technique for discovering the tools,
RM> tactics,
>> >> and motives of attackers. In this paper we look at a special kind of
>> >> threat: the individuals and organizations who run botnets. A botnet is
RM> a
>> >> network of compromised machines that can be remotely controlled by an
>> >> attacker. Due to their immense size (tens of thousands of systems can
RM> be
>> >> linked together), they pose a severe threat to the community. With the
>> >> help of honeynets we can observe the people who run botnets - a task
>> >> that is difficult using other techniques. Due to the wealth of data
>> >> logged, it is possible to reconstruct the actions of attackers, the
>> >> tools they use, and study them in detail. In this paper we take a
RM> closer
>> >> look at botnets, common attack techniques, and the individuals
RM> involved.
>> >>
>> >> We start with an introduction to botnets and how they work, with
>> >> examples of their uses. We then briefly analyze the three most common
>> >> bot variants used. Next we discuss a technique to observe botnets,
>> >> allowing us to monitor the botnet and observe all commands issued by
RM> the
>> >> attacker. We present common behavior we captured, as well as statistics
>> >> on the quantitative information learned through monitoring more than
RM> one
>> >> hundred botnets during the last few months. We conclude with an
RM> overview
>> >> of lessons learned and point out further research topics in the area of
>> >> botnet-tracking, including a tool called mwcollect2 that focuses on
>> >> collecting malware in an automated fashion.
>> >>
>> >> Thank you for your time,
>> >> Thorsten Holz, on behalf of the GHP
>> >> (http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)
>> >>
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://www.secunia.com/
>>
>>
>> p> _______________________________________________
>> p> Full-Disclosure - We believe in it.
>> p> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> p> Hosted and sponsored by Secunia - http://www.secunia.com/
>>
>> lol i am too
>>
>> shit my botnet just increases in size wow
>>
>> --
>> Best regards,
>> Egoist mailto:[EMAIL PROTECTED]
>>
>>
>>

RM> _______________________________________________
RM> Full-Disclosure - We believe in it.
RM> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
RM> Hosted and sponsored by Secunia - http://www.secunia.com/

today i see strange packets coming to my bots,
mostly trying to spoof authorization requests, mostly UDP,
but of course those bad guys even can't fix request checksum

the war begins?

--
Best regards,
Egoist mailto:[EMAIL PROTECTED]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
