To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
There have been some off-list requests for reading material and tools for bot snooping. I'm going to just provide a bunch of links; hopefully you'll research them on your own and figure out how they can help you.

Reading Material:

For beginners:
http://www.shadowserver.org/whitepapers/Botnets.pdf

For the more advanced crowd:
http://www.honeynet.org/papers/bots/
http://www.cert.org/archive/pdf/Botnets.pdf

Tools:

Qemu: (Virtual Emulator/Machine Software)
http://www.qemu.org/

VMware: (Virtual Machine Software)
http://www.vmware.com/

Packet Capture Utilities:
http://www.ethereal.com/ (Graphical pcap utility)
http://www.tcpdump.org/ (text based pcap utility)
http://monkey.org/~jose/software/flowgrep/ (utility to pull data out of pcaps)
http://ngrep.sourceforge.net/ (another utility to pull data out of pcaps)

Intruder (Botnet Snoop Client):
http://www.shadowserver.org/release/intruder-v1.4.tar.gz

MultiPot (Honeypot malware collection on win32)
http://labs.idefense.com/labs-software.php?show=9

Nepenthes (honeypot malware collection on linux/bsd)
http://nepenthes.mwcollect.org

Malcode Analysis Kit:
http://labs.idefense.com/labs-software.php?show=8

SysAnalyzer:
http://labs.idefense.com/labs-software.php?show=15

OllyDbg (Debugger/Disassembler):
http://www.ollydbg.de/

If you have more links or reading material, please reply on list so everyone can learn.

--
Nicholas Albright
Founder of Shadowserver.org
http://www.shadowserver.org
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
