funsec mailing list archives
Re: The Criminal Underground: A Walk on the Dark Side
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 5 Sep 2007 21:48:43 GMT
All good & reasonable assumptions. ;-)

- ferg

-- coderman <coderman () gmail com> wrote:

On 9/5/07, Dude VanWinkle <dudevanwinkle () gmail com> wrote:
... Whatever happened to looking at the C&C for incoming connections and ngrepping out the IPs?
the C&C for storm and other advanced botnets has moved into distributed hash tables and dns fast flux reached via multiple hops (where each hop is monitored upstream as well, to know when to cut and run...) this is actually the most interesting aspect of these modern botnets, the decentralized and anonymized control structures pulling the strings. more details would be excellent, but seem sparse for some reason. (researchers don't want to encourage more adoption of effective countermeasures?)
Is there no programmatic way to use the detection methods in place to generate a list of currently controlled bots?
it would require constantly scanning a large DHT ring (overnet) with a fair amount of node churn. perhaps someone is doing this (CAIDA?) but it would take a good amount of bandwidth, honeypots, and effort. and even if they are, they're not publishing the data, and even if they did, i bet you money they'd disappear under a DDoS flood within hours... :)

best regards,

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.