funsec mailing list archives

Re: Botnet Reporting


From: Mike Johnson <mike () enoch org>
Date: Wed, 08 Feb 2006 14:03:34 -0500

Gadi Evron wrote:
> Only good luck. There is always a place for more people to fight this fight.
>
> There are 2 groups currently doing exactly this, though. If you choose to be a third I will help any way I can, otherwise you may choose to join one of these or pick a fight no one is fighting.
> :)

I guess the question is how does one join one of these groups? I ask this for two reasons: 1) Given IP addresses, I can watch my network for connections to those IP addresses (as well as log all packets to and from those IPs, possibly providing more information on the botnet) and 2) I sometimes see 'suspicious' behavior that I can't really explain, and I'd love to have a group to discuss this with. (For instance, I've got a few hosts that are joining IRC channels with randomly generated nicks, but don't seem to be doing anything -- a simple "has anyone else seen this" would probably be terribly helpful.)

And I suppose the other issue will be resolved as soon as the public reporting information is posted. I assumed there were groups dealing with this, but had no way to find them, which was terribly frustrating.

As an aside, it seems the ones I reported (that started the thread) have been shut down (for now).

Mike
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

