On Thu, 7 Oct 2004, Hannigan, Martin wrote:
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of J. Oquendo Sent: Thursday, October 07, 2004 1:11 AM To: nanog@merit.edu Subject: short Botnet list and Cashing in on DoS
I've been slowly compiling a list of known botnets should anyone care to filter, or check them in your netblocks if someone in your range is passing off garbage, etc. Information has been passed from others admins having to deal with these pest. Care to pass on a host that you're seeing I'll post it for others to see as well. Perhaps when I have spare time, I may or may not throw up something where admins can check, add, hosts they're seeing. Don't know if I want my connection getting toasted for doing so, but it could be something informative, a-la spamhaus. Bothaus anyone?
The problem with that is the list rapidly updates and must be maintained with some level of frequency and there's a level of trust involved in it as well.
Going after the bots is lesser effort. The controllers are a priority.
And it's in this arena that honeypots become most valuable, although if I personally were going to do something like this, I'd be logged in from a login from a login over a netzero dialup over a previously-discovered open-proxy. The beauty is that script-kiddies aren't that intelligent. -Dan
-M<
-- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations & Infrastructure hannigan@verisign.com
-- "It doesn't matter where I live, because I live in dataspace. That's my hometown." -Steve Roberts, Builder of BEHEMOTH --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------