Message-ID: <828335942.20050314212226@phreaker.net>
From: mastah at phreaker.net (Egoist)
Subject: Re: Know Your Enemy: Tracking Botnets (Thorsten Holz)

Hello Valdis,

Monday, March 14, 2005, 9:11:08 PM, you wrote:

VKve> On Mon, 14 Mar 2005 20:21:35 +0300, phased said:
>> 
>> no they didnt, shit paper, nothing new, absolute crap just publicity bollocks

VKve> (I haven't actually read the paper in question yet, but still..)

VKve> Notice that often, a "nothing new" paper can still be important just due to
VKve> readability by an audience other than the technical geeks.  For example, it's
VKve> been *years* since "Smashing the stack for fun and profit" made it all clear
VKve> for the bitheads among us - but would you give it to your upper management as
VKve> justification for a project?  No, you'd need to find a white paper that had
VKve> "nothing new" in it, but which stated it in a way that the threat becomes clear
VKve> even to a manager.  And writing something that's accessible by a *novice*
VKve> sysadmin that has maybe a year or two experience is an entirely different skill....

VKve> In fact, for some stuff like the FBI/SANS Top 20 we do every year, or the
VKve> Center for Internet Security benchmarks, if something is "new", it's almost
VKve> certainly out of scope - when I did a very early draft of what Hal Pomeranz
VKve> ended up making into the CIS Solaris benchmark, "Have I heard this point enough
VKve> times I want to gag" was one of the clearest indicators that something should
VKve> be in the guidelines...


> >> We start with an introduction to botnets and how they work, with
They work perfectly if coded not by kids; they use encrypted
communication, and most of them are moving to p2p technology to eliminate
servers.
I'm not talking about lame toolz like agobot and friends.
> >> examples of their uses. We then briefly analyze the three most common
> >> bot variants used. Next we discuss a technique to observe botnets,
Technique to observe botnets: run vmware, go to sexocean.com, surf
porno, infect yourself, run tcpdump, spend months to understand
protocols, disassemble, try to reconstruct source code.
> >> allowing us to monitor the botnet and observe all commands issued by
> >> the
> >> attacker. We present common behavior we captured, as well as statistics
Wow, really, you can?
> >> on the quantitative information learned through monitoring more than
> >> one
> >> hundred botnets during the last few months. We conclude with an
> >> overview
> >> of lessons learned and point out further research topics in the area of
> >> botnet-tracking, including a tool called mwcollect2 that focuses on
> >> collecting malware in an automated fashion.

I think I should implement fakemalware.c and fakemalware.h today, so as to
kill your "technique" in an automated fashion.

-- 
Best regards,
 Egoist                            mailto:mastah@...eaker.net


