funsec mailing list archives
Re: Botnet Reporting
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 08 Feb 2006 16:48:10 +0200
Carl Jongsma wrote:
Long time lurker, first time poster.

The discussion on Botnet reporting threw up some interesting points, which warrant more investigation.

The idea of a centralised collection of Botnet information sounds great. That sounds like the sort of thing we should be able to create and host. With appropriate access controls, it could become a valuable statistics / handling site for botnets and drones (could consider it analogous to the Zone-h defacement archive).

Our initial concept is as follows;

- User accounts mandatory for access to detailed information (IP addresses, who reported, ISPs affected)
- No advertising
- Cost of support to be borne by us, and account subscription fees (to keep the kiddies / bot masters out) - Suggestion of fee settings welcome
- Web based archive with options for automated ISP notification (will need anti-spam measures to prevent automated spamming)
- User supplied listing of ISP / major network administrators / security teams (where the notifications will be sent), and rated responsiveness to notification. This list alone would be a valuable asset, providing a realistic sense of what sort of response / reaction a report is likely to receive.
- ISP / administrator notifications can originate from our company (at least botnetlist () mycompany com), or by user who reports (users can choose to be anonymous when reporting).
- Authentication parameters for accessing botnet are protected information - releasable to affected ISP, and vetted users (i.e. not all users will have access to this information - to keep out the kiddies who have paid their fees for full access, and limits risk exposure).
- Dedicated subdomain to be set up to manage and control the list (skiifwrald.com will shortly be changed to a more appropriate domain).

Thoughts, suggestions, criticism?
Only good luck. There is always a place for more people to fight this fight.

There are 2 groups currently doing exactly this, though. If you choose to be a third I will help any way I can, otherwise you may choose to join one of these or pick a fight no one is fighting.
:)

Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.