Re: IRC DDoS bots

From: Jon Nelson (quincy@linuxnotes.net)
Date: 03/17/03

  • Next message: root: "RE: CodeRed Observations. ##" 
    Date: Mon, 17 Mar 2003 08:22:51 -0500 (EST)
From: "Jon Nelson" <quincy@linuxnotes.net>
To: <incidents@securityfocus.com>

    Johannes Ullrich said:
    > O
    >> It's another mIRC based DDoS trojan that scans for NT-Password and IIS
    >> unicode exploits.
    >> So the next questions is... How do we go about apprehending the
    >> culprits? Can we somehow get wxmail.net revoked?
    >
    > IRC bots are a common plague. We do play 'whack the bot' once in a while
    > if we find out about it. So far, I have yet to see a case successfully
    > prosecuted.

    If you can find a case where the bot and the victim are in the same state
    you could try contacting your state police for assistance. The majority
    of state police agencies have Computer Crime Units/Task Forces, who would
    most likley be interested in these cases.

    Even if the bot and victim aren't in the same state you might want to
    contact them anyway, because it doesn't hurt to ask.

    As fas prosecution, Pennsylvania recently enacted new computer crime laws
    and one specifically addresses DOS attacks. Here are the laws:

    http://www.legis.state.pa.us/2001_0/sb1402p2429.htm

    Jon 

    -- 
Trooper Jon S. Nelson, Linux Certified Admin.
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 610.344.4471 Page: 866.284.1603
jonelson@state.pa.us
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
  • Next message: root: "RE: CodeRed Observations. ##"