lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4235ECB0.9050504@mmweg.rwth-aachen.de>
From: thorsten.holz at mmweg.rwth-aachen.de (Thorsten Holz)
Subject: Re: Know Your Enemy: Tracking Botnets
	(ThorstenHolz)

Egoist wrote:

> VKve> Have to admit, for such a lame tool as agobot, it's certainly 
> nailed a lot VKve> of systems. ;)
> 
> Lot of systems? Where you get that statistic ? How do u analyze that?
> 
One possible way to estimate this is taking a look at logfiles: For
example, Agobot performs a speed test on startup. One of the domains for
this test is www.belwue.de. So if you are in the lucky position and are
admin for this domain, just take a look how often this speed test is
performed (HTTP POST of file with size of 1MB). In Mai 2004, about
300,000 IP addresses could be identified per _day_ in this way. Even if
you take doubles into account, I would say that it nailed a lot of
systems :-)

Reference: 12th DFN-CERT Workshop (http://www.dfn-cert.de/events/ws/2005)

Cheers,
   Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ