funsec mailing list archives

Re: Reporting botnets


From: Mike Johnson <mike () enoch org>
Date: Mon, 06 Feb 2006 21:01:48 -0500

Jeff Kell wrote:
> There are some scattered groups with their own deserved level of
> paranoia in an effort to keep the bad guys out, but having a common
> place to report these discoveries should be a no-brainer.  If there is
> one, I must have missed it.

Agreed. I figured this was a good place to ask, and all requests have been responded to. I guess I should say that I'm not a security vendor of any sort (used to work for one, happy to be out of there), and don't stand to make anything off of sharing the information other than perhaps some new IPs to keep an eye out for. So I'd love a two-way street, but if I know something good will come out of it, I don't mind sharing. I wonder how much of the paranoia is over 'OMG, if I can keep my security service competitors from knowing these IPs, it looks like I'm much better!'

> The bonus points come if there was a centralized distribution of known
> C&C hosts that we could use to (a) prevent further spread locally and
> (b) locate infected hosts by looking for recurring SYNs to one of these
> addresses.

Indeed. I'm personally not after any legal action, just want to get the C&Cs shut down, as well as knowing any other infections in my network. I know we're only seeing the easy ones right now.

Thanks,
Mike
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
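
The detection idea quoted in this message, point (b), locating infected hosts by looking for recurring SYNs to known C&C addresses, can be sketched as follows. This is an added example, not code from the thread or its participants; the flow-record format, the `10.0.0.0/8` internal range, the thresholds and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed C&C list (RFC 5737 documentation addresses, not real indicators).
CNC_HOSTS = {"192.0.2.10", "198.51.100.7"}
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed flow records: epoch_seconds src dst dport tcp_flags
SAMPLE_LOG = """\
1139277600 10.1.2.3 192.0.2.10 6667 S
1139277660 10.1.2.3 192.0.2.10 6667 S
1139277720 10.1.2.3 192.0.2.10 6667 S
1139277725 10.1.9.9 192.0.2.10 6667 S
1139277730 10.1.4.4 203.0.113.80 80 S
1139277780 10.1.2.3 192.0.2.10 6667 SA
1139277790 10.1.5.5 198.51.100.7 8080 S
1139277850 10.1.5.5 198.51.100.7 8080 S
1139281500 10.1.5.5 198.51.100.7 8080 S
malformed line
"""

def recurring_syn_sources(log_text, cnc_hosts, min_syns=3, window=600):
    """Return {(src, dst): count} for local hosts that sent at least min_syns
    bare SYNs to a listed C&C address within any window-second span."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed records
        ts, src, dst, _dport, flags = parts
        if flags != "S" or dst not in cnc_hosts:
            continue  # only initial SYNs toward listed hosts
        try:
            if ipaddress.ip_address(src) not in LOCAL_NET:
                continue  # source is not one of our hosts
        except ValueError:
            continue  # unparsable source address
        times[(src, dst)].append(int(ts))
    hits = {}
    for pair, stamps in times.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):  # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_syns:
            hits[pair] = best
    return hits
```

Requiring several SYNs inside a time window separates a host that keeps retrying a listed address from one that touched it once; lowering `min_syns` trades fewer misses for more noise.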

