To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- DJD wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Hi list!! > > I would like to know how many zombie hosts are within my network... > What about a sink hole network?
Sinkholes are great. I don't think they are the best solution for you but it may work. Quarantining users by using netflow/abuse complaints/IDS signatures/spam abuse/other reports might be better: Some PRODUCTS, PRO and AGAINST links from people on quarantining of infected users, thanks to all those who shared so far! Products (haven't tried or verified them myself): http://www.rommon.com/sandbox.html http://www.quarantainenet.nl/ http://www.forescout.com/index.php?url=products§ion=counteract Other: Eric Gauthier's Ethernet-oriented quarantine system (from NANOG in 2003): http://www.nanog.org/mtg-0402/gauthier.html Other choice papers from Jose's blog: http://www.iab.org/documents/docs/2003-10-18-edge-filters.html http://www.csl.sri.com/users/linda/bibs/publications/mmsm2005.pdf http://www.csl.sri.com/papers/sri-csl-2005-03/ http://www.cs.wfu.edu/~fulp/Papers/iiaw05t.pdf http://www.icir.org/vern/worm04/porras.pdf http://www.icir.org/vern/worm04/xiong.pdf http://www.cs.rpi.edu/research/pdf/05-01.pdf Gadi. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
