Hi James,

I've found that using the Shadow Server network/ASN reports is very useful, depending on what analysis you are trying to do.

http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork

I.e.
- Detected Botnet Command and Control servers
- Infected systems (drones)
- DDoS attacks (source and victim)
- Scans
- Clickfraud
- Compromised hosts
- Proxies
- Spam relays
- Malicious software droppers and other related information.

You could always create your own honeypot and/or partner with one of the carriers/ISPs to get live data.

Thanks
Derek

On 24/02/2012, at 8:51 AM, James Smith <[email protected]> wrote:

Hello,

Can anyone on this list provide botnet network traffic for analysis, or IPs which have been infected?

--
Sincerely;
James Smith
CEO, CEH, Security Analyst
Email: [email protected]
Phone: 1877-760-1953
Website: www.SmithwaySecurity.com

CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.

- This communication is confidential to the parties it was intended to serve -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
