North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: [nanog] RE: short Botnet list and Cashing in on DoS
On Thu, 7 Oct 2004, Hannigan, Martin wrote:
And it's in this arena that honeypots become most valuable, although if I personally were going to do something like this, I'd be logged in from a login from a login over a netzero dialup over a previously-discovered open-proxy.-----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of J. Oquendo Sent: Thursday, October 07, 2004 1:11 AM To: [email protected] Subject: short Botnet list and Cashing in on DoS I've been slowly compiling a list of known botnets should anyone care to filter, or check them in your netblocks if someone in your range is passing off garbage, etc. Information has been passed from others admins having to deal with these pest. Care to pass on a host that you're seeing I'll post it for others to see as well. Perhaps when I have spare time, I may or may not throw up something where admins can check, add, hosts they're seeing. Don't know if I want my connection getting toasted for doing so, but it could be something informative, a-la spamhaus. Bothaus anyone? http://www.infiltrated.net/sdbot-irc-servers.txtThe problem with that is the list rapidly updates and must be maintained with some level of frequency and there's a level of trust involved in it as well. Going after the bots is lesser effort. The controllers are a priority.
The beauty is that script-kiddies aren't that intelligent.
-M< -- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations & Infrastructure [email protected]
-- "It doesn't matter where I live, because I live in dataspace. That's my hometown." -Steve Roberts, Builder of BEHEMOTH --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------