Open Source and information security mailing list archives
From: pingywon at hotmail.com (pingywon)
Subject: Know Your Enemy: Tracking Botnets

haha .. I didn't think anyone was REALLY named Thorsten

... I mean good paper....

~pingywon


----- Original Message ----- 
From: "Thorsten Holz" <thorsten.holz@...eg.rwth-aachen.de>
To: "dailydave" <dailydave@...ts.immunitysec.com>;
<honeypots@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
Sent: Sunday, March 13, 2005 10:08 PM
Subject: [Full-disclosure] Know Your Enemy: Tracking Botnets


> Greetings,
>
> The Honeynet Project and Research Alliance is excited to announce the
> release of a new paper "KYE: Tracking Botnets". This paper is based on
> the extensive research by the German Honeynet Project.
>
>     KYE: Tracking Botnets
>     http://www.honeynet.org/papers/bots/
>
> Abstract:
> ---------
>
> Honeypots are a well known technique for discovering the tools, tactics,
> and motives of attackers. In this paper we look at a special kind of
> threat: the individuals and organizations who run botnets. A botnet is a
> network of compromised machines that can be remotely controlled by an
> attacker. Due to their immense size (tens of thousands of systems can be
> linked together), they pose a severe threat to the community. With the
> help of honeynets we can observe the people who run botnets - a task
> that is difficult using other techniques. Due to the wealth of data
> logged, it is possible to reconstruct the actions of attackers, the
> tools they use, and study them in detail. In this paper we take a closer
> look at botnets, common attack techniques, and the individuals involved.
>
> We start with an introduction to botnets and how they work, with
> examples of their uses. We then briefly analyze the three most common
> bot variants used. Next we discuss a technique to observe botnets,
> allowing us to monitor the botnet and observe all commands issued by the
> attacker. We present common behavior we captured, as well as statistics
> on the quantitative information learned through monitoring more than one
> hundred botnets during the last few months. We conclude with an overview
> of lessons learned and point out further research topics in the area of
> botnet-tracking, including a tool called mwcollect2 that focuses on
> collecting malware in an automated fashion.
>
> Thank you for your time,
>    Thorsten Holz, on behalf of the GHP
> (http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
>
