nanog mailing list archives

Re: [nanog] RE: short Botnet list and Cashing in on DoS

From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Thu, 7 Oct 2004 12:06:43 -0400 (EDT)


On Thu, 7 Oct 2004, Hannigan, Martin wrote:

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
J. Oquendo
Sent: Thursday, October 07, 2004 1:11 AM
To: nanog () merit edu
Subject: short Botnet list and Cashing in on DoS

I've been slowly compiling a list of known botnets should
anyone care to filter, or check them in your netblocks if
someone in your
range is passing off garbage, etc. Information has been
passed from others
admins having to deal with these pest. Care to pass on a host
that you're
seeing I'll post it for others to see as well. Perhaps when I have
spare time, I may or may not throw up something where admins
can check,
add, hosts they're seeing. Don't know if I want my connection getting
toasted for doing so, but it could be something informative, a-la
spamhaus. Bothaus anyone?

http://www.infiltrated.net/sdbot-irc-servers.txt



The problem with that is the list rapidly updates
and must be maintained with some level of frequency
and there's a level of trust involved in it as well.

Going after the bots is lesser effort. The controllers are
a priority.

And it's in this arena that honeypots become most valuable, although if Ipersonally were going to do something like this, I'd be logged in from alogin from a login over a netzero dialup over a previously-discoveredopen-proxy.


The beauty is that script-kiddies aren't that intelligent.

-Dan



-M<

--
Martin Hannigan                         (c) 617-388-2663
VeriSign, Inc.                          (w) 703-948-7018
Network Engineer IV                       Operations & Infrastructure
hannigan () verisign com


--

"It doesn't matter where I live, because I live in dataspace.  That's my
hometown."

-Steve Roberts, Builder of BEHEMOTH

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

Current thread:

short Botnet list and Cashing in on DoS J. Oquendo (Oct 06)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 06)
- Re: short Botnet list and Cashing in on DoS Mike Tancsa (Oct 07)
  - Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
- <Possible follow-ups>
- Re: short Botnet list and Cashing in on DoS frank (Oct 07)
  - Re: short Botnet list and Cashing in on DoS Alistair Cockeram (Oct 07)
  - Re: short Botnet list and Cashing in on DoS Randy Bush (Oct 07)
- RE: short Botnet list and Cashing in on DoS Hannigan, Martin (Oct 07)
  - Re: [nanog] RE: short Botnet list and Cashing in on DoS Dan Mahoney, System Admin (Oct 07)
  - Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 07)
  - Re: short Botnet list and Cashing in on DoS Paul Vixie (Oct 07)
    - Re: short Botnet list and Cashing in on DoS Randy Bush (Oct 07)
- RE: short Botnet list and Cashing in on DoS Drew Weaver (Oct 08)
  - Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
    - Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 08)
    - Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
    - Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 08)
    - Fixing stuff (was Re: short Botnet list and Cashing in on DoS) Sean Donelan (Oct 09)
    - Re: Fixing stuff (was Re: short Botnet list and Cashing in on DoS) Stephen J. Wilcox (Oct 09)

(Thread continues...)