funsec mailing list archives
Re: Reporting botnets
From: Reed Loden <reed () reedloden com>
Date: Mon, 6 Feb 2006 19:54:57 -0600
On Mon, 06 Feb 2006 17:42:29 -0500 Mike Johnson <mike () enoch org> wrote:
So, as I was reporting an IRC server and a distribution server (webserver hosting files for the bot) today I got to wondering if there's some organization out there that collects statistics on these and/or gets involved in handling of these reports. So far, when I've made the reports, the hosts involved are helpful in the resolution, but I'm sure I'll run into a difficult one at some point (perhaps after I start trying to report the ones in China). So, does such a beast exist? OBFunSec: Uh. Hrm. I got nothing.
As a long time IRCd/services developer and IRC operator/administrator on several networks, I have spent many hours searching and trying to create a way to ease reporting of drones. My master plan would be to take RequestTracker (http://bestpractical.com/rt/) along with the Incident Response module (http://bestpractical.com/rtir/) and modify them to work with reporting of drones. As a ticket is opened and drone info is stored in a parent ticket, abuse reports (leaf tickets) could be automatically spawned off to the appropriate people using the information from the parent ticket. This would allow a fairly simple way of reporting and seeing what ISPs reply to the reports sent out. I have envisioned it as a global project for all IRC networks that are trustworthy enough to participate (level of trust can be determined in alternate methods depending on how the project proceeds). Anyway, this is just a short overview of my thoughts. I really need some web developers to collaborate on the project more closely. :) Your fellow drone hunter/cleaner, ~reed -- Reed Loden - <reed () reedloden com> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Reporting botnets Mike Johnson (Feb 06)
- Re: Reporting botnets Gadi Evron (Feb 06)
- Re: Reporting botnets Dude VanWinkle (Feb 06)
- Re: Reporting botnets Jeff Kell (Feb 06)
- Re: Reporting botnets Mike Johnson (Feb 07)
- Re: Reporting botnets Rick Wesson (Feb 06)
- Re: Reporting botnets RLVaughn (Feb 07)
- Re: Reporting botnets Reed Loden (Feb 07)
- <Possible follow-ups>
- RE: Reporting botnets Todd Towles (Feb 07)
- RE: Reporting botnets Todd Towles (Feb 07)
- Re: Reporting botnets Gadi Evron (Feb 06)