Security Incidents mailing list archives
Re: IRC DDoS bots
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Fri, 14 Mar 2003 12:56:18 -0500
O
It's another mIRC based DDoS trojan that scans for NT-Password and IIS unicode exploits. So the next questions is... How do we go about apprehending the culprits? Can we somehow get wxmail.net revoked?
IRC bots are a common plague. We do play 'whack the bot' once in a while if we find out about it. So far, I have yet to see a case successfully prosecuted. The best bet is to call however hosts the IRC server and have them yank the server. Be ready to find some resistance and confusion as you talk to your first 'tech support' person about IRC bots. Try to get through to a security contact. It looks like the particular server you where monitoring is no longer responding. So maybe they took already care of it. Regarding prosecuting: Talk to your local FBI office and see if you can get them interested. However, usually they don't bother unless you have significant damages (the 'official' threshold of $5,000 is usually no enough). If whoever is hosting this server is not cooperating, you may want to try going for a civil suit. Its probably more promising but you need the stomach/money for it. If you need any further help, contact me off-list. -- -------------------------------------------------------------------- jullrich () euclidian com Collaborative Intrusion Detection join http://www.dshield.org ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- IRC DDoS bots grwolf (Mar 14)
- Re: IRC DDoS bots Johannes Ullrich (Mar 14)
- RE: IRC DDoS bots James C Slora Jr (Mar 14)
- Re: IRC DDoS bots Jon Nelson (Mar 17)
- Re: IRC DDoS bots Johannes Ullrich (Mar 14)