Full Disclosure mailing list archives
Re[2]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz)
From: Egoist <mastah () phreaker net>
Date: Mon, 14 Mar 2005 21:22:26 +0300
Hello Valdis,

Monday, March 14, 2005, 9:11:08 PM, you wrote:

VKve> On Mon, 14 Mar 2005 20:21:35 +0300, phased said:
no they didn't, shit paper, nothing new, absolute crap just publicity bollocks
VKve> (I haven't actually read the paper in question yet, but still..)
VKve> Notice that often, a "nothing new" paper can still be important just due to
VKve> readability by an audience other than the technical geeks. For example, it's
VKve> been *years* since "Smashing the stack for fun and profit" made it all clear
VKve> for the bitheads among us - but would you give it to your upper management as
VKve> justification for a project? No, you'd need to find a white paper that had
VKve> "nothing new" in it, but which stated it in a way that the threat becomes clear
VKve> even to a manager. And writing something that's accessible by a *novice*
VKve> sysadmin that has maybe a year or two experience is an entirely different skill....
VKve> In fact, for some stuff like the FBI/SANS Top 20 we do every year, or the
VKve> Center for Internet Security benchmarks, if something is "new", it's almost
VKve> certainly out of scope - when I did a very early draft of what Hal Pomeranz
VKve> ended up making into the CIS Solaris benchmark, "Have I heard this point enough
VKve> times I want to gag" was one of the clearest indicators that something should
VKve> be in the guidelines...
> We start with an introduction to botnets and how they work, with

they work perfectly if coded not by kids, they use crypted communication, most of them moving to p2p technology to eliminate servers. I don't say about that lame toolz like agobot and friends

> examples of their uses. We then briefly analyze the three most common bot
> variants used. Next we discuss a technique to observe botnets,

technique to observe botnets: run vmware, go to sexocean.com, surf porno, infect yourself, run tcpdump, spend months to understand protocols, disassemble, try to reconstruct source code.

> allowing us to monitor the botnet and observe all commands issued by the
> attacker. We present common behavior we captured, as well as statistics

wow really u can?

> on the quantitative information learned through monitoring more than one
> hundred botnets during the last few months. We conclude with an overview
> of lessons learned and point out further research topics in the area of
> botnet-tracking, including a tool called mwcollect2 that focuses on
> collecting malware in an automated fashion.
I think I should implement fakemalware.c and fakemalware.h today, so kill your "technique" in automated fashion

--
Best regards,
Egoist mailto:mastah () phreaker net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/