To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Thursday 16 March 2006 22:57, Hubbard, Dan wrote:
> I am coming late into this one, but what about HTTP/S for C&C?

I think encrypted is a step forward in sophistication, but HTTP still presents the basic problem of a central point of failure. The biggest worry for a bot farmer is being caught & shut down (IMHO).

Also, (though I am not completely clear on what you mean by HTTP), HTTP wouldn't allow commands to be sent and responded to right away like on IRC. Good way to obfuscate traffic though. You could never block HTTP traffic. You could probably almost never create a good generic SNORT signature to detect it, either.

Craig
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
