Hello,

Can anyone on this list provide botnet network traffic for analysis, or IPs which have been infected?

--
Sincerely,
James Smith
CEO, CEH, Security Analyst
Email: james@smithwaysecurity.com
Phone: 1877-760-1953
Website: www.SmithwaySecurity.com

CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.

- This communication is confidential to the parties it was intended to serve -

On Thu, Feb 23, 2012 at 17:17, James Smith <james@smithwaysecurity.com> wrote:
> Can anyone on this list provide botnet network traffic for analysis, or IPs which have been infected?

Have you considered contacting Team Cymru or Shadowserver? As far as I know, they are the two major groups who collect this sort of information on a non-local scale. I believe Team Cymru at least has someone who follows NANOG.

The largest issue here is going to be trust -- it is highly unlikely you're just going to get huge dumps of useful information, especially if your intentions are for-profit.

Best of luck.

--
Darius Jahandarie

Thank you, this will be helpful.

-----Original Message-----
From: Darius Jahandarie
Sent: Thursday, February 23, 2012 6:26 PM
To: James Smith
Cc: nanog@nanog.org
Subject: Re: Botnet Traffic

On Thu, Feb 23, 2012 at 17:17, James Smith <james@smithwaysecurity.com> wrote:
> Can anyone on this list provide botnet network traffic for analysis, or IPs which have been infected?

Have you considered contacting Team Cymru or Shadowserver? As far as I know, they are the two major groups who collect this sort of information on a non-local scale. I believe Team Cymru at least has someone who follows NANOG.

The largest issue here is going to be trust -- it is highly unlikely you're just going to get huge dumps of useful information, especially if your intentions are for-profit.

Best of luck.

--
Darius Jahandarie

On Thu, 23 Feb 2012 18:17:38 -0400 "James Smith" <james@smithwaysecurity.com> wrote:
> Can anyone on this list provide botnet network traffic for analysis, or IPs which have been infected?

Hi James,

Normally few people are going to be unwilling to provide such a thing, at least for live or recently active botnets to the general public. In essence, few people like to spread that sort of dirty laundry around to anyone who comes asking in a public forum.

However, there is some public data available in various locations. For instance, the Dragon Research Group (DRG) provides some public data it sees on the well-known HTTP, VNC and SSH ports. The SSH report is primarily compiled from random SSH brute force spreading worms.

<http://dragonresearchgroup.org/insight/>

Note, I'm one of the DRG volunteers.

You can browse around the SANS ISC reports and get an idea of what they see from various hosts and networks too.

<http://isc.sans.edu/reports.html>

I'm not involved with that organization.

Lenny Zeltser has a page detailing where you might get some sample malware to research:

<http://zeltser.com/combating-malicious-software/malware-sample-sources.html>

There are likely many other sources of info if you dig around, but you may be better off asking in another forum where security, rather than networking, is the major theme. Feel free to contact me off list and I'll see if I can help introduce you to the appropriate venues.

John

participants (3)
- Darius Jahandarie
- James Smith
- John Kristoff