funsec mailing list archives

Botnet Reporting


From: Carl Jongsma <info () skiifwrald com>
Date: Wed, 8 Feb 2006 23:06:24 +1030

Long time lurker, first time poster.

The discussion on Botnet reporting threw up some interesting points, which warrant more investigation.

The idea of a centralised collection of Botnet information sounds great. That sounds like the sort of thing we should be able to create and host. With appropriate access controls, it could become a valuable statistics / handling site for botnets and drones (could consider it analogous to the Zone-h defacement archive). Our initial concept is as follows:

- User accounts mandatory for access to detailed information (IP addresses, who reported, ISPs affected)

- No advertising - Cost of support to be borne by us, and account subscription fees (to keep the kiddies / bot masters out) - Suggestion of fee settings welcome

- Web based archive with options for automated ISP notification (will need anti-spam measures to prevent automated spamming)

- User supplied listing of ISP / major network administrators / security teams (where the notifications will be sent), and rated responsiveness to notification. This list alone would be a valuable asset, providing a realistic sense of what sort of response / reaction a report is likely to receive.

- ISP / administrator notifications can originate from our company (at least botnetlist () mycompany com), or from the user who reports (users can choose to be anonymous when reporting).

- Authentication parameters for accessing a botnet are protected information - releasable to affected ISPs and vetted users (i.e. not all users will have access to this information - to keep out the kiddies who have paid their fees for full access, and limit risk exposure).

- Dedicated subdomain to be set up to manage and control the list (skiifwrald.com will shortly be changed to a more appropriate domain).

Thoughts, suggestions, criticism?

Sincerely,


Carl Jongsma
info () skiifwrald com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.skiifwrald.com/sunnet

Jongsma & Jongsma Pty. Ltd.

Established in mid 2004, Jongsma & Jongsma Pty. Ltd. is a pure Research and Development company focussing on advanced software and hardware concepts. Since inception, Jongsma & Jongsma Pty. Ltd. has already developed software tools for advanced user and security management in web applications, data protection, and effective phishing defences for financial companies.

Sûnnet Beskerming Pty. Ltd.

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and commercialise the research coming out of Jongsma & Jongsma Pty. Ltd. Sûnnet Beskerming Pty. Ltd. is an Information Security specialist and, in conjunction with the tools developed by Jongsma & Jongsma Pty. Ltd., provides total security solutions and services, from the perimeter to internal data stores, including web application security and security testing and analysis.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
