funsec mailing list archives
Re: Botnet Reporting
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 08 Feb 2006 21:08:17 +0200
Mike Johnson wrote:
> Gadi Evron wrote:
>> Only good luck. There is always a place for more people to fight this fight.
>>
>> There are 2 groups currently doing exactly this, though. If you choose to be a third I will help any way I can, otherwise you may choose to join one of these or pick a fight no one is fighting.
>>
>> :)
>
> I guess the question is how does one join one of these groups? I ask this for two reasons: 1) Given IP addresses, I can watch my network for connections to those IP addresses (as well as log all packets to and from those IPs, possibly providing more information on the botnet) and 2) I sometimes see 'suspicious' behavior, that I can't really explain and I'd love to have a group to discuss this with. (For instance, I've got a few hosts that are joining IRC channels with randomly generated nicks, but don't seem to be doing anything -- a simple "has anyone else seen this" would probably be terribly helpful)
>
> And I suppose the other issue will be resolved as soon as the public reporting information is posted. I assumed there were groups dealing with this, but had no way to find them, which was terribly frustrating.
>
> As an aside, it seems the ones I reported (that started the thread) have been shut down (for now).

Like I said, we do this every day. :)

As to joining the groups.. it's a bit of a problem. Let me think on this for a couple of days.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.