nanog mailing list archives
Re: RBL for bots?
From: Matthew Sullivan <matthew () sorbs net>
Date: Fri, 16 Feb 2007 11:49:07 +1100
Drew Weaver wrote:
Has anyone created an RBL, much like (possibly) the BOGON list which includes the IP addresses of hosts which seem to be "infected" and are attempting to brute-force SSH/HTTP, etc? It would be fairly easy to setup a dozen or more honeypots and examine the logs in order to create an initial list. Anyone know of anything like this?
web.dnsbl.sorbs.net has hosts that do this as well as korgo infected machines, and a whole host of other types of vulnerabilities, trojans and bots.
Do be careful about how you use the data, we don't distinguish between the types for very good reason.
Regards, Mat
Current thread:
- Re: botnets: web servers, end-systems and Vint Cerf, (continued)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Gadi Evron (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Eric Gauthier (Feb 26)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 27)
- resnets and naming (was: Re: botnets: web servers, end-systems and Vint Cerf) Steven Champeon (Feb 16)
- Re: resnets and naming Scott McGrath (Feb 16)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 16)
- Re: RBL for bots? J. Oquendo (Feb 16)