funsec mailing list archives
Re: Reporting botnets
From: Mike Johnson <mike () enoch org>
Date: Mon, 06 Feb 2006 21:01:48 -0500
Jeff Kell wrote:
There are some scattered groups with their own deserved level of paranoia in an effort to keep the bad guys out, but having a common place to report these discoveries should be a no-brainer. If there is one, I must have missed it.
Agreed. I figured this was a good place to ask, and all requests have been responded to. I guess I should say that I'm not a security vendor of any sort (used to work for one, happy to be out of there), and don't stand to make anything off of sharing the information other than perhaps some new IPs to keep an eye out for. So I'd love a two way street, but if I know something good will come out of it, I don't mind sharing. I wonder how much of the paranoia is over 'OMG, if I can keep my security service competitors from knowing these IPs, it looks like I'm much better!'
The bonus points come if there was a centralized distribution of known C&C hosts that we could use to (a) prevent further spread locally and (b) locate infected hosts by looking for recurring SYNs to one of these addresses.
Indeed. I'm personally not after any legal action, just want to get the C&Cs shut down, as well as knowing any other infections in my network. I know we're only seeing the easy ones right now.
Thanks, Mike _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Reporting botnets Mike Johnson (Feb 06)
- Re: Reporting botnets Gadi Evron (Feb 06)
- Re: Reporting botnets Dude VanWinkle (Feb 06)
- Re: Reporting botnets Jeff Kell (Feb 06)
- Re: Reporting botnets Mike Johnson (Feb 07)
- Re: Reporting botnets Rick Wesson (Feb 06)
- Re: Reporting botnets RLVaughn (Feb 07)
- Re: Reporting botnets Reed Loden (Feb 07)
- <Possible follow-ups>
- RE: Reporting botnets Todd Towles (Feb 07)
- RE: Reporting botnets Todd Towles (Feb 07)
- Re: Reporting botnets Gadi Evron (Feb 06)