To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Gadi Evron wrote:
> I'd like to quote Joe, for historical purposes:
>
> Obviously there is money being made here - the economics of exploiting
> end-user systems for the purposes of spam has been an established business
> model for at least four years now.
Perhaps it's been longer than that. Maybe it's just been noticed within the past
four, who knows.

Anyhow, it's surprising that some software vendor hasn't upped the ante here and
begun to block offending IP addresses associated with these C&Cs. How
difficult would it be to, say, create a scripted module that "greps" out the IP
addressing from these bots, takes that IP address, and firewalls it out from
their subnet?
Eg:
Supposing my logfiles alert me with an IP and port which looks like:
192.168.1.10:18607
10.1.20.123:32312
120.120.110.110:18607
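# Print one DROP rule per source address logged with port 18607, then run the rules via sh
awk -F: '$2 == "18607" && $1 ~ /^[0-9.]+$/ {print "iptables -A INPUT -p tcp -j DROP -s", $1}' \
logfiles | sh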
Or pick your favorite script... Anyhow, I'm sure most understand what I'm
getting to. Sure, this only works on networks where ipchains is used, but I can
think of plenty of ways to filter these issues before they infest your
network...

What I still find strange, and I guess I will be an odd man out, is why
providers are so reluctant to get off their rears and address these issues.
Let's be realistic: who on the planet is using port 18607? I know if I was still
in the ISP business and I saw these obscure ass ports, they'd be filtered. Last
thing I need would be some crazy ass Code Red-like worm taking my network down.
It's surprising most engineers (and you lazy bums know who you are) allow
stupidity. I guess the Forrest Gump rule applies: stupid is as stupid does.

Gadi, by the way, I know a few years back (I don't know, maybe 2 or so, around the
SDBot days... Hell, I don't even know if you recall) I had intended on helping
with this project (Botnet). Apologies, I've been off and on, but I relocated,
etc., etc. If you need anything, give a holler.
====================================================
J. Oquendo
sil . infiltrated @ net http://www.infiltrated.net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
26:0608031813:J. Oquendo::fNaE6zH/HDTggYKS:005zLMj
The happiness of society is the end of government.
John Adams
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
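
A more defensive take on the log-to-firewall idea in the message above, as an added example that is not part of the original post: it only prints rules for review, accepts only lines of the exact form dotted-quad:port, skips private and loopback sources, and emits one rule per address. The function names and the sample lines beyond the post's three are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn "ip:port" log lines into DROP rules for one suspect port.
# gen_block_rules PORT [FILE...] prints iptables commands; it never runs them.
gen_block_rules() {
    port=$1; shift
    awk -F: -v port="$port" '
        # Log text is untrusted: accept only <dotted-quad>:<port>, nothing else
        NF != 2 || $2 != port { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            split($1, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) next
            # Skip RFC 1918 and loopback: a rule here would cut off our own hosts
            if (o[1] == 10 || o[1] == 127) next
            if (o[1] == 192 && o[2] == 168) next
            if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
            if (seen[$1]++) next          # one rule per source address
            print "iptables -A INPUT -p tcp -s " $1 " -j DROP"
        }
    ' "$@"
}

# Constructed sample: the post's three lines plus a duplicate and malformed entries
sample_log() {
    cat <<'EOF'
192.168.1.10:18607
10.1.20.123:32312
120.120.110.110:18607
120.120.110.110:18607
203.0.113.7:18607
999.1.1.1:18607
203.0.113.9;id:18607
EOF
}

sample_log | gen_block_rules 18607
```

Only after reviewing the printed rules would they be piped to sh as root; the line with shell metacharacters in the sample shows why log-derived text should never reach a shell unvalidated.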