Security Incidents mailing list archives

Re: Dismantling Botnets?


From: Bryan Allen <bda () mirrorshades net>
Date: Wed, 19 Oct 2005 12:42:19 -0400


On Oct 18, 2005, at 10:58 PM, steven () lovebug org wrote:

> Is there a place where current information can be given and it will truly be investigated and action will be taken? For example, in the past few days I have come across multiple botnets of 30,000-50,000 on each server. In one case I even suspect that the hosting provider might be facilitating the activity. For that reason alone I have avoided reporting this to the hosting provider. Is there a government source that actually takes the information, investigates it, and will actually make something happen? I think many of us have read the DDoS story on GRC.com before. This guy was actively being attacked and located the live botnet and still couldn't get the authorities to do anything (IIRC). Has anything changed since then?


If you are a university, there is UNISOG (unisog.org), which is a closed group of infosec people working at depts all over the world and sharing information.

As for corporations, not sure. The problem with that is once you start handing that information out, it's also there for the C&C owners to use. "Oh, that one's been discovered and is being blocked by lots of people, time to pop another box and shift controllers."

As for companies that are actually hosting botnets... the BBB? ;-)
--
Bryan Allen
bda () mirrorshades net
http://bda.mirrorshades.net
Cyberpunk is dead. Long live cyberpunk.



