PTR records are just as pointless as A records...
in a secured DNS heirarchy, this is less of an issue
We are not quite there yet, are we?
since you have to spoof the entire delegation chain.
so either trust the DNS (both forward and reverse)
or not. For
Adam Jacob Muller wrote:
Not possible with most modern IRCD's since they check forward and
reverse dns.
So for example if your address is:
1.2.3.4
and that resolves to:
1-2-3-4.dsl.verizon.net
the ircd make sure that:
1-2-3-4.dsl.verizon.net
resolves back to
1.2.3.4
it's a simple
http://www.albany.edu/~ja6447/hacked_bots8.txt
Isn't it a good idea to collect the IP addresses rather than the ptr
name? For instance, if I were an evil person in control of the ptr
record of my own IP, I could easily make the name something like
1-2-3-4.dsl.verizon.net, and if you didn't
On Fri, Feb 11, 2005 at 03:45:52PM +, Ketil Froyn wrote:
http://www.albany.edu/~ja6447/hacked_bots8.txt
Isn't it a good idea to collect the IP addresses rather than the ptr
name? For instance, if I were an evil person in control of the ptr
record of my own IP, I could easily make
Not possible with most modern IRCD's since they check forward and
reverse dns.
So for example if your address is:
1.2.3.4
and that resolves to:
1-2-3-4.dsl.verizon.net
the ircd make sure that:
1-2-3-4.dsl.verizon.net
resolves back to
1.2.3.4
it's a simple and elegant solution that basically
On Thu, 10 Feb 2005, Jim Popovitch wrote:
I don't know how relevant this is to your question, but since it was
part of the Subject here it goes: The botlist MUST have been
interesting to a sizable number of NANOG'ers. At least 305 people
(different IPs) downloaded the version that I
On Thu, Feb 10, 2005 at 12:09:48AM -0800, william(at)elan.net wrote:
However since there was shown enough of the interest from people on nanog@
to help in killing bots and knowing about it, may I suggest that people
who are doing the tracking setup the following:
For the DNSBLs that list
On 10 Feb 2005, at 10:03, [EMAIL PROTECTED] wrote:
On Thu, 10 Feb 2005 00:09:48 PST, william(at)elan.net said:
2. After that the person should be able to register (entering full
name and contact data and company he/she works) and can than get
access to see entire list of ip addresses for
Stephen J. Wilcox wrote:
Hi,
you probably didnt think of this but it might not be a good idea to publish a
list of 3000 computers than can be infected/taken over for further nastiness.
Collecting that kind of list on any machine on the public internet takes
only a day or so, so I don't think
Bill Nash wrote:
Various persons put forth some amount of effort to, graciously, give
other operators a heads up to the ongoing/potential abuse of their
networks, and you're concerned about topical relevance? Why aren't you,
Aside to if botnet issues were discussed here, it would flood the list
-Original Message-
From: Bill Nash [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 09, 2005 3:31 AM
To: Hannigan, Martin
Cc: [EMAIL PROTECTED]
Subject: RE: IRC Bot list (cross posting)
On Wed, 9 Feb 2005, Hannigan, Martin wrote:
[ snip ]
Various persons put forth some
On 02/09/05, Bill Nash [EMAIL PROTECTED] wrote:
And I'm not subscribed to either. Yet, I've no less than a /19 of space
under my purview and I don't believe that publishing botnet lists in the
manner that has been done is either off topic, or off charter. Some of us,
as hosting providers
On Wed, 09 Feb 2005 12:11:16 GMT, Ketil Froyn said:
http://www.albany.edu/~ja6447/hacked_bots8.txt
Isn't it a good idea to collect the IP addresses rather than the ptr
name? For instance, if I were an evil person in control of the ptr
record of my own IP, I could easily make the name
On Wed, 9 Feb 2005, Hannigan, Martin wrote:
out botnet lists to NANOG, fine by me. I never said I can
stop them. I just said I didn't want them as a subscriber.
I understand that you don't know where these existing
lists are. Look hard. If you suddenly care about bots
enough in the last 24 hours
--On Wednesday, February 09, 2005 11:28 +0200 Gadi Evron
[EMAIL PROTECTED] wrote:
Why is it a bad idea then? Because not all of us are Bill Nash who won't
pwn a user.
The same can easily be said for ANY public forum.
Why is it a bad idea then? Because not all of us are Bill Nash who won't
pwn a user.
The same can easily be said for ANY public forum.
Yes.
There's TWO places that are doing this botnet stuff and
the NANOG AUP discourages cross posting.
I for one certainly don't want yet another list full of
botnet stuff.
And I'm not subscribed to either. Yet, I've no less than a /19 of space
under my purview and I don't believe that
[ Edited and resent, the first appears to have vanished in transit ]
I concede the point that operational tracking of botnets doesn't belong here,
and I offer apologies to Martin, and the list in general, for not
counting to ten before replying to his email. However, simply suppressing
On Wed, 2005-02-09 at 22:04 -0800, Bill Nash wrote:
Moving to a more productive stance for this thread:
How many people have subbed in the past month? The past year? There's
stuff in the FAQ about what's directly relevent to this particular list,
but there are a million related sub-topics
Hi,
you probably didnt think of this but it might not be a good idea to publish a
list of 3000 computers than can be infected/taken over for further nastiness.
if you can privately send me a list of Ip addresses (no need to sort) i can
assist you to distribute this information securely?
Steve
Stephen J. Wilcox wrote:
Hi,
you probably didnt think of this but it might not be a good idea to publish a
list of 3000 computers than can be infected/taken over for further nastiness.
if you can privately send me a list of Ip addresses (no need to sort) i can
assist you to distribute this
On Tue, 2005-02-08 at 20:13 -0500, J. Oquendo wrote:
On Tue, 8 Feb 2005, Justin Azoff wrote:
I found an irc channel with 3000+ irc bots in it including a few hundred
edu's.
I have it posted at
http://www.albany.edu/~ja6447/hacked_bots8.txt
I started to sort them... Maybe I
On Tue, 2005-02-08 at 23:01 -0500, Jim Popovitch wrote:
Here's a different version of the above, host'ed, awk'ed and sorted.
NOTE: several of those hostnanes did not resolve, so this list is not an
exact duplicate.
http://jimpop.net/stuff/nanog-list-botlist-2005-02-08.sorted
If you grabed
Wasn't there supposed to be special mail list setup for botnet tracking?
If so can we please move this thread there and not continue it on main
nanog list...
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
You don't mass an army if you're not about to use it. This situation can
(very quickly) have operational relevance. Bringing it to light to a wider
forum than special interest groups is a good idea.
You'd certainly care more if it was pointed at you.
- billn
On Tue, 8 Feb 2005,
On Tue, 8 Feb 2005, Bill Nash wrote:
You don't mass an army if you're not about to use it.
3000 is no longer that large, maybe a brigade but not an army...
This situation can (very quickly) have operational relevance.
If every botnet investigation is brought up at nanog, the list
: Wasn't there supposed to be special mail list setup for botnet
: tracking?
:
: If so can we please move this thread there and not continue it on main
: nanog list...
Why worry? It's a done deal...
scott
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Bill Nash
Sent: Wednesday, February 09, 2005 12:37 AM
To: william(at)elan.net
Cc: [EMAIL PROTECTED]
Subject: Re: IRC Bot list (cross posting)
You don't mass an army if you're not about to use
On Wed, 9 Feb 2005, Hannigan, Martin wrote:
Bill, haven't we been here before? :)
There's TWO places that are doing this botnet stuff and
the NANOG AUP discourages cross posting.
I for one certainly don't want yet another list full of
botnet stuff.
And I'm not subscribed to either. Yet, I've no
29 matches
Mail list logo
