Re: Dismantling Botnets?

From: Bryan Allen (
Date: 10/19/05

  • Next message: "Re: RE: Odd Increase in Malformed Packets Aimed at Port 0"
    Date: Wed, 19 Oct 2005 12:42:19 -0400

    On Oct 18, 2005, at 10:58 PM, wrote:

    > Is there a place where current information can be given and it will
    > truly
    > be investigated and action will be taken? For example, in the past
    > few
    > days I have come across multiple botnets of 30,000-50,000 on each
    > server.
    > In one case I even suspect that the hosting provider might be
    > facilitating
    > the activity. For that reason alone I have avoided reporting this
    > to the
    > hosting provider. Is there a government source that actually takes
    > the
    > information, investigates it, and will actually make something
    > happen? I
    > think many of us have read the DDoS story on before. This
    > guy was
    > actively being attacked and located the live botnet and still
    > couldn't get
    > the authorities to do anything (IIRC). Has anything changed since
    > then?

    If you are a university, there is UNISOG (, which is a
    closed group of infosec people working at depts all over the world
    and sharing information.

    As for corporations, not sure. The problem with that is once you
    start handing that information out, it's also there for the C&C
    owners to use. "Oh, that one's been discovered and is being blocked
    by lots of people, time to pop another box and shift controllers."

    As for companies that are actually hosting botnets... the BBB? ;-)

    Bryan Allen
    Cyberpunk is dead. Long live cyberpunk.

  • Next message: "Re: RE: Odd Increase in Malformed Packets Aimed at Port 0"