To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

Hi list!!
I would like to know how many zombie hosts are within my network... What about a sinkhole network? I couldn't detect a new botnet that way... but could I be aware of how many hosts are being used by each botnet (detected previously) within my network (without having a sensor in each segment of my /16 network) by a configuration in the DNS to resolve the domain into the sinkhole network?

The idea is that the IP resolved by the DNS can even have an IRC, HTTP, etc. service (the same as the original C&C server) in order to simulate the botnet and even send a "remove" command to stop the malware process on the zombie host.

Do you see it as a feasible solution to minimize the number of zombies in my network? I know it wouldn't stop the infection or any external or internal compromise, but right now I would like to stop the use of our hosts for illegal purposes.

--
DJD

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
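The counting part of the question can be answered from the resolver's query log alone, without a sensor per segment. The following is an added example, not part of the original post: it counts distinct client IPs per previously identified botnet from BIND-style query log lines. The zone names, botnet labels, addresses and log lines are constructed placeholders, and the log format is an assumption about the resolver in use.

```python
import re
from collections import defaultdict

# Hypothetical sinkholed C&C zones -> botnet label (placeholders, not real indicators).
SINKHOLED = {
    "cnc-alpha.example": "botnet-alpha",
    "irc.beta-bot.example": "botnet-beta",
}

# Matches BIND-style query log lines, with or without the "@0x..." / "(name)" fields.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) IN (?P<type>\S+)"
)

def botnet_for(qname):
    """Return the label if qname is a sinkholed zone or a name below it."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        label = SINKHOLED.get(".".join(labels[i:]))
        if label:
            return label
    return None

def count_zombies(lines):
    """Map botnet label -> set of distinct client IPs that looked up its C&C name."""
    hosts = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a format this regex does not cover)
        label = botnet_for(m.group("name"))
        if label:
            hosts[label].add(m.group("ip"))
    return dict(hosts)

# Constructed sample log lines for a /16 (10.20.0.0/16).
SAMPLE_LOG = """\
14-Mar-2007 10:12:01.123 queries: info: client 10.20.4.17#1045: query: cnc-alpha.example IN A +
14-Mar-2007 10:12:09.551 queries: info: client 10.20.4.17#1046: query: cnc-alpha.example IN A +
14-Mar-2007 10:13:40.002 queries: info: client 10.20.77.3#3321: query: www.CNC-Alpha.example. IN A +
14-Mar-2007 10:14:02.870 queries: info: client 10.20.9.200#2210: query: irc.beta-bot.example IN A +
14-Mar-2007 10:14:05.100 queries: info: client 10.20.9.201#4000: query: www.example.org IN A +
14-Mar-2007 10:15:00.000 queries: info: client @0x7f3a5c0 10.20.130.8#5353 (irc.beta-bot.example): query: irc.beta-bot.example IN A +E(0)
""".splitlines()

if __name__ == "__main__":
    for botnet, ips in sorted(count_zombies(SAMPLE_LOG).items()):
        print(f"{botnet}: {len(ips)} host(s): {', '.join(sorted(ips))}")
```

Where hosts resolve through an intermediate forwarder or sit behind NAT, the log records that device's address rather than the infected host's, so the per-botnet count is a lower bound.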
