To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -- Tom <[EMAIL PROTECTED]> wrote: >I think you missed the point. They have not only 100's of zombied IPs that serve up http for drugs, phish, porn, etc. but they have hundreds of zombied machines that do DNS for them as well. > Yep -- we call 'em "fast flux". For example, see: http://cert.uni-stuttgart.de/stats/dns-replication.php?query=differbe.hk&su bmit=Query And then pick out one of the IPs, for example: http://cert.uni-stuttgart.de/stats/dns-replication.php?query=69.157.10.64&s ubmit=Query You could keep this up for a while. :-) The real issue here is getting the various registrars to respond to abuse issues -- some of them are not-so-helpful... - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) wj8DBQFGQgsUq1pz9mNUZTMRAvLCAKD41GRv0I3+v9nVe3F1nWZRfu4LUgCghfH+ /uz7gy+mAkJsvBEMNJrQJDo= =hZgS -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
