Security Incidents mailing list archives

Re: IRC DDoS bots

From: "Jon Nelson" <quincy () linuxnotes net>
Date: Mon, 17 Mar 2003 08:22:51 -0500 (EST)


Johannes Ullrich said:

It's another mIRC based DDoS trojan that scans for NT-Password and IIS
unicode exploits.
So the next questions is...  How do we go about apprehending the
culprits? Can we somehow get wxmail.net revoked?


IRC bots are a common plague. We do play 'whack the bot' once in a while
if we find out about it. So far, I have yet to see a case successfully
prosecuted.


If you can find a case where the bot and the victim are in the same state
you could try contacting your state police for assistance.  The majority
of state police agencies have Computer Crime Units/Task Forces, who would
most likley be interested in these cases.

Even if the bot and victim aren't in the same state you might want to
contact them anyway, because it doesn't hurt to ask.

As fas prosecution, Pennsylvania recently enacted new computer crime laws
and one specifically addresses DOS attacks. Here are the laws:

http://www.legis.state.pa.us/2001_0/sb1402p2429.htm

Jon

-- 
Trooper Jon S. Nelson, Linux Certified Admin.
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 610.344.4471 Page: 866.284.1603
jonelson () state pa us



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

IRC DDoS bots grwolf (Mar 14)
- Re: IRC DDoS bots Johannes Ullrich (Mar 14)
  - RE: IRC DDoS bots James C Slora Jr (Mar 14)
  - Re: IRC DDoS bots Jon Nelson (Mar 17)