nanog mailing list archives
RE: Botnet hunting resources
From: "Bradley Freeman" <bradley.freeman () csirt ja net>
Date: Tue, 11 Aug 2009 14:36:51 +0100
I'm surprised that nobody has mentioned the work of shadowserver.org, they are able to send reports of malware infections on your networks (see http://www.shadowserver.org/wiki/pmwiki.php/Services/Reports). The service has proved to be a brilliant tool in mitigating various forms of malware such as Conficker with almost 0% false positives.

Cheers
Bradley

-----Original Message-----
From: Jack Bates [mailto:jbates () brightok net]
Sent: 11 August 2009 14:11
To: J.D. Falk
Cc: NANOG
Subject: Re: Botnet hunting resources

J.D. Falk wrote:
Hi, Luke! MAAWG recently published a document to help ISPs deal with infected machines in their networks. It's not the same kind of pressure, but (as we learned with open relays at MAPS) pressure isn't very effective unless there are tools available to deal with the problem.
It could also use a lot more resources? Watching traffic flows for traffic destined to known C&C addresses is nice, but including a pointer to a resource that actually gives those addresses is much more useful. For those who don't deal with it every day, the document just says they need to spend even more time with google.

Jack