Message-ID: <725959807.20050314064049@phreaker.net>
From: mastah at phreaker.net (Egoist)
Subject: Know Your Enemy: Tracking Botnets

Hello pingywon,

Monday, March 14, 2005, 6:22:43 AM, you wrote:

p> haha .. I didn't think anyone was REALLY named Thorsten

p> ... I mean good paper....

p> ~pingywon


p> ----- Original Message ----- 
p> From: "Thorsten Holz" <thorsten.holz@...eg.rwth-aachen.de>
p> To: "dailydave" <dailydave@...ts.immunitysec.com>;
p> <honeypots@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
p> Sent: Sunday, March 13, 2005 10:08 PM
p> Subject: [Full-disclosure] Know Your Enemy: Tracking Botnets


>> Greetings,
>>
>> The Honeynet Project and Research Alliance is excited to announce the
>> release of a new paper "KYE: Tracking Botnets". This paper is based on
>> the extensive research by the German Honeynet Project.
>>
>>     KYE: Tracking Botnets
>>     http://www.honeynet.org/papers/bots/
>>
>> Abstract:
>> ---------
>>
>> Honeypots are a well known technique for discovering the tools, tactics,
>> and motives of attackers. In this paper we look at a special kind of
>> threat: the individuals and organizations who run botnets. A botnet is a
>> network of compromised machines that can be remotely controlled by an
>> attacker. Due to their immense size (tens of thousands of systems can be
>> linked together), they pose a severe threat to the community. With the
>> help of honeynets we can observe the people who run botnets - a task
>> that is difficult using other techniques. Due to the wealth of data
>> logged, it is possible to reconstruct the actions of attackers, the
>> tools they use, and study them in detail. In this paper we take a closer
>> look at botnets, common attack techniques, and the individuals involved.
>>
>> We start with an introduction to botnets and how they work, with
>> examples of their uses. We then briefly analyze the three most common
>> bot variants used. Next we discuss a technique to observe botnets,
>> allowing us to monitor the botnet and observe all commands issued by the
>> attacker. We present common behavior we captured, as well as statistics
>> on the quantitative information learned through monitoring more than one
>> hundred botnets during the last few months. We conclude with an overview
>> of lessons learned and point out further research topics in the area of
>> botnet-tracking, including a tool called mwcollect2 that focuses on
>> collecting malware in an automated fashion.
>>
>> Thank you for your time,
>>    Thorsten Holz, on behalf of the GHP
>> (http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://www.secunia.com/
>>

lol i am too

shit my botnet just increases in size wow

-- 
Best regards,
 Egoist                            mailto:mastah@...eaker.net


