funsec mailing list archives

Re: Reporting botnets


From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 06 Feb 2006 18:58:20 -0500

Mike Johnson wrote:
> So, as I was reporting an IRC server and a distribution server
> (webserver hosting files for the bot) today I got to wondering if
> there's some organization out there that collects statistics on these
> and/or gets involved in handling of these reports.  So far, when I've
> made the reports, the hosts involved are helpful in the resolution,
> but I'm sure I'll run into a difficult one at some point (perhaps
> after I start trying to report the ones in China).

There are some scattered groups with their own deserved level of
paranoia in an effort to keep the bad guys out, but having a common
place to report these discoveries should be a no-brainer.  If there is
one, I must have missed it.

The bonus points come if there was a centralized distribution of known
C&C hosts that we could use to (a) prevent further spread locally and
(b) locate infected hosts by looking for recurring SYNs to one of these
addresses.

You see quite a few of these watching an .edu, particularly the recent
omgitskp that actually targets, or at least favors edus.

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
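
The detection idea in point (b) of the message above, locating infected hosts by recurring SYNs to known C&C addresses, sketched as an added example that is not part of the original post. The log format, the blocklist addresses (RFC 5737 documentation ranges), the thresholds and the function name are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed C&C blocklist (RFC 5737 documentation addresses, not real hosts).
CC_HOSTS = {"192.0.2.10", "198.51.100.7"}

# Constructed border log lines: "ISO-time src dst dport tcp-flags".
SAMPLE_LOG = """\
2006-02-06T18:00:01 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:00:03 10.1.9.5 203.0.113.80 80 S
2006-02-06T18:05:02 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:05:40 10.1.7.31 198.51.100.7 80 S
2006-02-06T18:10:04 10.1.4.22 192.0.2.10 6667 S
2006-02-06T18:10:05 10.1.4.22 192.0.2.10 6667 SA
2006-02-06T18:15:09 10.1.4.22 192.0.2.10 6667 S
malformed line
"""

def recurring_syn_sources(lines, cc_hosts, min_syns=3, min_span_s=300):
    """Return {(src, dst): syn_count} for hosts that keep retrying a C&C address."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, _dport, flags = parts
        # Only bare SYNs (new connection attempts) toward a listed address count.
        if flags != "S" or dst not in cc_hosts:
            continue
        try:
            seen[(src, dst)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable timestamp
    hits = {}
    for key, times in seen.items():
        # "Recurring" here means enough attempts spread over a minimum time span,
        # so a single stray connection is not reported.
        span = (max(times) - min(times)).total_seconds()
        if len(times) >= min_syns and span >= min_span_s:
            hits[key] = len(times)
    return hits

if __name__ == "__main__":
    found = recurring_syn_sources(SAMPLE_LOG.splitlines(), CC_HOSTS)
    for (src, dst), n in sorted(found.items()):
        print(f"{src} -> {dst}: {n} SYNs")
```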