Security Incidents mailing list archives
Re: IRC DDoS bots
From: "Jon Nelson" <quincy () linuxnotes net>
Date: Mon, 17 Mar 2003 08:22:51 -0500 (EST)
Johannes Ullrich said:
OIt's another mIRC based DDoS trojan that scans for NT-Password and IIS unicode exploits. So the next questions is... How do we go about apprehending the culprits? Can we somehow get wxmail.net revoked?IRC bots are a common plague. We do play 'whack the bot' once in a while if we find out about it. So far, I have yet to see a case successfully prosecuted.
If you can find a case where the bot and the victim are in the same state you could try contacting your state police for assistance. The majority of state police agencies have Computer Crime Units/Task Forces, who would most likley be interested in these cases. Even if the bot and victim aren't in the same state you might want to contact them anyway, because it doesn't hurt to ask. As fas prosecution, Pennsylvania recently enacted new computer crime laws and one specifically addresses DOS attacks. Here are the laws: http://www.legis.state.pa.us/2001_0/sb1402p2429.htm Jon -- Trooper Jon S. Nelson, Linux Certified Admin. Pa. State Police, Bureau of Criminal Investigation Computer Crimes Unit Work: 610.344.4471 Page: 866.284.1603 jonelson () state pa us ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- IRC DDoS bots grwolf (Mar 14)
- Re: IRC DDoS bots Johannes Ullrich (Mar 14)
- RE: IRC DDoS bots James C Slora Jr (Mar 14)
- Re: IRC DDoS bots Jon Nelson (Mar 17)
- Re: IRC DDoS bots Johannes Ullrich (Mar 14)