nanog mailing list archives
Re: [nanog] RE: short Botnet list and Cashing in on DoS
From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Thu, 7 Oct 2004 12:06:43 -0400 (EDT)
On Thu, 7 Oct 2004, Hannigan, Martin wrote:
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of J. Oquendo Sent: Thursday, October 07, 2004 1:11 AM To: nanog () merit edu Subject: short Botnet list and Cashing in on DoS I've been slowly compiling a list of known botnets should anyone care to filter, or check them in your netblocks if someone in your range is passing off garbage, etc. Information has been passed from others admins having to deal with these pest. Care to pass on a host that you're seeing I'll post it for others to see as well. Perhaps when I have spare time, I may or may not throw up something where admins can check, add, hosts they're seeing. Don't know if I want my connection getting toasted for doing so, but it could be something informative, a-la spamhaus. Bothaus anyone? http://www.infiltrated.net/sdbot-irc-servers.txtThe problem with that is the list rapidly updates and must be maintained with some level of frequency and there's a level of trust involved in it as well. Going after the bots is lesser effort. The controllers are a priority.
And it's in this arena that honeypots become most valuable, although if I personally were going to do something like this, I'd be logged in from a login from a login over a netzero dialup over a previously-discovered open-proxy.
The beauty is that script-kiddies aren't that intelligent. -Dan
-M< -- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations & Infrastructure hannigan () verisign com
-- "It doesn't matter where I live, because I live in dataspace. That's my hometown." -Steve Roberts, Builder of BEHEMOTH --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
Current thread:
- short Botnet list and Cashing in on DoS J. Oquendo (Oct 06)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 06)
- Re: short Botnet list and Cashing in on DoS Mike Tancsa (Oct 07)
- Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
- <Possible follow-ups>
- Re: short Botnet list and Cashing in on DoS frank (Oct 07)
- Re: short Botnet list and Cashing in on DoS Alistair Cockeram (Oct 07)
- Re: short Botnet list and Cashing in on DoS Randy Bush (Oct 07)
- RE: short Botnet list and Cashing in on DoS Hannigan, Martin (Oct 07)
- Re: [nanog] RE: short Botnet list and Cashing in on DoS Dan Mahoney, System Admin (Oct 07)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 07)
- Re: short Botnet list and Cashing in on DoS Paul Vixie (Oct 07)
- Re: short Botnet list and Cashing in on DoS Randy Bush (Oct 07)
- RE: short Botnet list and Cashing in on DoS Drew Weaver (Oct 08)
- Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 08)
- Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 08)
- Fixing stuff (was Re: short Botnet list and Cashing in on DoS) Sean Donelan (Oct 09)
- Re: Fixing stuff (was Re: short Botnet list and Cashing in on DoS) Stephen J. Wilcox (Oct 09)
- Re: short Botnet list and Cashing in on DoS Matthew S. Hallacy (Oct 08)