[74586] in North American Network Operators' Group
Re: [nanog] RE: short Botnet list and Cashing in on DoS
daemon@ATHENA.MIT.EDU (Dan Mahoney, System Admin)
Thu Oct 7 12:07:18 2004
Date: Thu, 7 Oct 2004 12:06:43 -0400 (EDT)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: "Hannigan, Martin" <hannigan@verisign.com>
Cc: nanog@merit.edu
In-Reply-To: <6A8CA21E339F634E96E13AB97D73227503BD53A8@pro1wnexc01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 7 Oct 2004, Hannigan, Martin wrote:
>
>
>
>> -----Original Message-----
>> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
>> J. Oquendo
>> Sent: Thursday, October 07, 2004 1:11 AM
>> To: nanog@merit.edu
>> Subject: short Botnet list and Cashing in on DoS
>>
>>
>>
>>
>>
>> I've been slowly compiling a list of known botnets should
>> anyone care to filter, or check them in your netblocks if
>> someone in your
>> range is passing off garbage, etc. Information has been
>> passed from others
>> admins having to deal with these pest. Care to pass on a host
>> that you're
>> seeing I'll post it for others to see as well. Perhaps when I have
>> spare time, I may or may not throw up something where admins
>> can check,
>> add, hosts they're seeing. Don't know if I want my connection getting
>> toasted for doing so, but it could be something informative, a-la
>> spamhaus. Bothaus anyone?
>>
>> http://www.infiltrated.net/sdbot-irc-servers.txt
>>
>
>
> The problem with that is the list rapidly updates
> and must be maintained with some level of frequency
> and there's a level of trust involved in it as well.
>
> Going after the bots is lesser effort. The controllers are
> a priority.
And it's in this arena that honeypots become most valuable, although if I
personally were going to do something like this, I'd be logged in from a
login from a login over a netzero dialup over a previously-discovered
open-proxy.
The beauty is that script-kiddies aren't that intelligent.
-Dan
>
>
> -M<
>
> --
> Martin Hannigan (c) 617-388-2663
> VeriSign, Inc. (w) 703-948-7018
> Network Engineer IV Operations & Infrastructure
> hannigan@verisign.com
>
--
"It doesn't matter where I live, because I live in dataspace. That's my
hometown."
-Steve Roberts, Builder of BEHEMOTH
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
