funsec mailing list archives

Re: Reporting botnets


From: Reed Loden <reed () reedloden com>
Date: Mon, 6 Feb 2006 19:54:57 -0600

On Mon, 06 Feb 2006 17:42:29 -0500
Mike Johnson <mike () enoch org> wrote:

> So, as I was reporting an IRC server and a distribution server
> (webserver hosting files for the bot) today I got to wondering if
> there's some organization out there that collects statistics on these
> and/or gets involved in handling of these reports.  So far, when I've
> made the reports, the hosts involved are helpful in the resolution, but
> I'm sure I'll run into a difficult one at some point (perhaps after I
> start trying to report the ones in China).
>
> So, does such a beast exist?
>
> OBFunSec: Uh.  Hrm.  I got nothing.

As a long-time IRCd/services developer and IRC operator/administrator on
several networks, I have spent many hours searching and trying to create a
way to ease reporting of drones.

My master plan would be to take RequestTracker
(http://bestpractical.com/rt/) along with the Incident Response module
(http://bestpractical.com/rtir/) and modify them to work
with reporting of drones. As a ticket is opened and drone info is stored
in a parent ticket, abuse reports (leaf tickets) could be automatically
spawned off to the appropriate people using the information from the
parent ticket. This would allow a fairly simple way of reporting and
seeing what ISPs reply to the reports sent out. I have envisioned it as a
global project for all IRC networks that are trustworthy enough to
participate (level of trust can be determined in alternate methods
depending on how the project proceeds).

Anyway, this is just a short overview of my thoughts. I really need some
web developers to collaborate on the project more closely. :)

Your fellow drone hunter/cleaner,
~reed

-- 
Reed Loden - <reed () reedloden com>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

