To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Fri, 10 Mar 2006, dan wrote:
> Hah.. that's a pretty good idea. Put some BS DNS entries in your DNS
> server and set up a fake IRC server, almost like a reverse honeypot. Have
> the bot connect in, and watch the packets to see what IRC parameters are
> sent (channel, key, etc.. assuming they're not encrypted). If it plays
> out, you should have a decent profile for the bot.
iDefense has some tools that should help you out (I'm not affiliated with
'em, btw):
http://labs.idefense.com/labs-software.php?show=9
http://labs.idefense.com/labs-software.php?show=8
You should be able to redirect the host via DNS and connect it to a fake
IRC server and log information it's sending.
Hope this helps,
________
jose nazario, ph.d. [EMAIL PROTECTED]
http://monkey.org/~jose/ http://infosecdaily.net/
http://www.wormblog.com/
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
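
The logging step discussed in the message above, as an added example that is not part of the original post or of the iDefense tools: a small listener that records the IRC parameters (server password, nick, channels, channel keys) a redirected host sends in cleartext. The sample lines, the port, and every name in the code are constructed assumptions, and it presumes an isolated lab network where DNS for the bot's server name already points at this host.

```python
import socketserver

# Constructed sample of what a redirected client might send (not real capture data).
SAMPLE = [b"PASS s3rv\r\n", b"NICK bot-1234\r\n", b"USER bot 0 * :bot\r\n",
          b"JOIN #ctl,#upd k3y\r\n", b"PRIVMSG #ctl :ready\r\n"]

def parse_line(raw):
    """Split one IRC client line into (COMMAND, params) using RFC 1459 framing."""
    line = raw.decode("latin-1").rstrip("\r\n")
    if line.startswith(":"):                    # drop optional prefix
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")  # " :" starts the trailing parameter
    parts = head.split()
    if not parts:
        return None, []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def build_profile(lines):
    """Collect the registration and JOIN parameters seen on one connection."""
    profile = {"pass": None, "nick": None, "user": None, "channels": {}, "other": []}
    for raw in lines:
        cmd, p = parse_line(raw)
        if cmd in ("PASS", "NICK", "USER") and p:
            profile[cmd.lower()] = p[0]
        elif cmd == "JOIN" and p:
            chans = p[0].split(",")
            keys = p[1].split(",") if len(p) > 1 else []
            for i, chan in enumerate(chans):    # keys pair with channels by position
                profile["channels"][chan] = keys[i] if i < len(keys) else None
        elif cmd:
            profile["other"].append((cmd, p))
    return profile

class Sink(socketserver.StreamRequestHandler):
    """Logs every line; answers USER with numeric 001 so the client goes on to JOIN."""
    def handle(self):
        seen = []
        for raw in self.rfile:
            seen.append(raw)
            profile = build_profile(seen)
            if parse_line(raw)[0] == "USER":
                nick = (profile["nick"] or "x").encode("latin-1")
                self.wfile.write(b":sink 001 " + nick + b" :welcome\r\n")
            print(self.client_address[0], profile)

if __name__ == "__main__":
    # Assumption: port 6667; use whatever port the observed host actually dials.
    socketserver.TCPServer(("0.0.0.0", 6667), Sink).serve_forever()
```

As the quoted message notes, this only yields a profile when the parameters are not encrypted.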