funsec mailing list archives
Re: Reporting botnets
From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 06 Feb 2006 18:58:20 -0500
Mike Johnson wrote:
So, as I was reporting an IRC server and a distribution server (webserver hosting files for the bot) today I got to wondering if there's some organization out there that collects statistics on these and/or gets involved in handling of these reports. So far, when I've made the reports, the hosts involved are helpful in the resolution, but I'm sure I'll run into a difficult one at some point (perhaps after I start trying to report the ones in China).
There are some scattered groups with their own deserved level of paranoia in an effort to keep the bad guys out, but having a common place to report these discoveries should be a no-brainer. If there is one, I must have missed it. The bonus points come if there was a centralized distribution of known C&C hosts that we could use to (a) prevent further spread locally and (b) locate infected hosts by looking for recurring SYNs to one of these addresses. You see quite a few of these watching an .edu, particularly the recent omgitskp that actually targets, or at least favors, edus.

Jeff

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
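
The check in point (b) of the message above, sketched as an added example that is not part of the original post: it scans flow records for internal hosts sending repeated bare SYNs to addresses on a C&C list. The record format, the addresses (documentation ranges), the threshold and the function name are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed C&C list (documentation address ranges, not real hosts).
CNC_HOSTS = {"192.0.2.10", "198.51.100.7"}

# Constructed flow records: timestamp, source, destination, dest port, TCP flags.
SAMPLE_FLOWS = """\
2006-02-06T18:00:05 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:00:35 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:01:05 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:01:10 10.1.9.3 203.0.113.80 80 PA
2006-02-06T18:02:00 10.1.7.50 198.51.100.7 6667 S
2006-02-06T18:02:40 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:30:00 10.1.8.8 192.0.2.10 6667 PA
"""


def recurring_syns(lines, cnc_hosts, min_syns=3, window=timedelta(minutes=10)):
    """Return {(src, dst): n} where src sent n >= min_syns bare SYNs
    to a listed dst inside one sliding time window."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the scan
        ts, src, dst, _port, flags = parts
        # Only bare SYNs count: repeated connection attempts, not open sessions.
        if flags == "S" and dst in cnc_hosts:
            seen[(src, dst)].append(datetime.fromisoformat(ts))

    hits = {}
    for pair, times in seen.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_syns:
            hits[pair] = best
    return hits


if __name__ == "__main__":
    for (src, dst), n in recurring_syns(SAMPLE_FLOWS.splitlines(), CNC_HOSTS).items():
        print(f"{src} sent {n} SYNs to listed host {dst}")
```

A single SYN to a listed address (10.1.7.50 in the sample) stays below the default threshold, which keeps one-off connections from being reported as infections.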