nanog mailing list archives

RE: Botnet hunting resources


From: "Bradley Freeman" <bradley.freeman () csirt ja net>
Date: Tue, 11 Aug 2009 14:36:51 +0100

I am surprised that nobody has mentioned the work of shadowserver.org, they are
able to send reports of malware infections on your networks (see
http://www.shadowserver.org/wiki/pmwiki.php/Services/Reports). The service
has proved to be a brilliant tool in mitigating various forms of malware such
as Conficker with almost 0% false positives.

Cheers

Bradley

-----Original Message-----
From: Jack Bates [mailto:jbates () brightok net] 
Sent: 11 August 2009 14:11
To: J.D. Falk
Cc: NANOG
Subject: Re: Botnet hunting resources

J.D. Falk wrote:
> Hi, Luke!  MAAWG recently published a document to help ISPs deal with
> infected machines in their networks.  It's not the same kind of
> pressure, but (as we learned with open relays at MAPS) pressure isn't
> very effective unless there are tools available to deal with the problem.

It could also use a lot more resources? Watching traffic flows for 
traffic destined to known C&C addresses is nice, but including a pointer 
to a resource that actually gives those addresses is much more useful. 
For those who don't deal with it every day, the document just says they 
need to spend even more time with google.


Jack
