Full Disclosure mailing list archives
Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz)
From: Thorsten Holz <thorsten.holz () mmweg rwth-aachen de>
Date: Mon, 14 Mar 2005 20:57:36 +0100
Egoist wrote:
VKve> Have to admit, for such a lame tool as agobot, it's certainly nailed a lot VKve> of systems. ;)Lot of systems? Where you get that statistic ? How do u analyze that?
One possible way to estimate this is taking a look at logfiles: For example, Agobot performs a speed test on startup. One of the domains for this test is www.belwue.de. So if you are in the lucky position and are admin for this domain, just take a look how often this speed test is performed (HTTP POST of file with size of 1MB). In Mai 2004, about 300,000 IP addresses could be identified per _day_ in this way. Even if you take doubles into account, I would say that it nailed a lot of systems :-) Reference: 12th DFN-CERT Workshop (http://www.dfn-cert.de/events/ws/2005) Cheers, Thorsten _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Know Your Enemy: Tracking Botnets (Thorsten Holz) David Jungerson (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) phased (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Valdis . Kletnieks (Mar 14)
- Re[2]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Egoist (Mar 14)
- Re: Re[2]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Valdis . Kletnieks (Mar 14)
- Re[4]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Egoist (Mar 14)
- Re: Re[4]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Valdis . Kletnieks (Mar 14)
- Re[6]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Egoist (Mar 14)
- Re: Re[6]: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Valdis . Kletnieks (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Valdis . Kletnieks (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Thorsten Holz (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) phased (Mar 14)
- Re: Re: Know Your Enemy: Tracking Botnets (ThorstenHolz) Thorsten Holz (Mar 14)
- RE: Re: Know Your Enemy: Tracking Botnets(ThorstenHolz) Aditya Deshmukh (Mar 14)
- Good security books Scott White (Mar 14)
- Re: Good security books Dave King (Mar 14)
- Re: [FD] Good security books Andrew J Caines (Mar 14)
- RE: Re: [FD] Good security books Scott White (Mar 14)
- RE: Re: [FD] Good security books Edward Ray (Mar 14)
- Re: Re: [FD] Good security books Anders Langworthy (Mar 15)
- Re: Good security books bugtraq (Mar 14)
- Message not available
- Fwd: Good security books 0xception (Mar 14)