North American Network Operators Group


Re: [nanog] RE: short Botnet list and Cashing in on DoS

  • From: Dan Mahoney, System Admin
  • Date: Thu Oct 07 12:09:43 2004

On Thu, 7 Oct 2004, Hannigan, Martin wrote:


-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of
J. Oquendo
Sent: Thursday, October 07, 2004 1:11 AM
To: [email protected]
Subject: short Botnet list and Cashing in on DoS





I've been slowly compiling a list of known botnets should anyone care
to filter, or check them in your netblocks if someone in your range is
passing off garbage, etc. Information has been passed from other
admins having to deal with these pests. Care to pass on a host that
you're seeing I'll post it for others to see as well. Perhaps when I
have spare time, I may or may not throw up something where admins can
check, add, hosts they're seeing. Don't know if I want my connection
getting toasted for doing so, but it could be something informative,
a-la spamhaus. Bothaus anyone?

http://www.infiltrated.net/sdbot-irc-servers.txt

The problem with that is the list rapidly updates
and must be maintained with some level of frequency
and there's a level of trust involved in it as well.

Going after the bots is lesser effort. The controllers are a priority.

And it's in this arena that honeypots become most valuable, although
if I personally were going to do something like this, I'd be logged in
from a login from a login over a netzero dialup over a
previously-discovered open-proxy.

The beauty is that script-kiddies aren't that intelligent.

-Dan


-M<

--
Martin Hannigan                         (c) 617-388-2663
VeriSign, Inc.                          (w) 703-948-7018
Network Engineer IV                       Operations & Infrastructure
[email protected]

--

"It doesn't matter where I live, because I live in dataspace.  That's my
hometown."

-Steve Roberts, Builder of BEHEMOTH

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------