Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: What to do with bot networks
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 03 Dec 2004 12:52:05 -0600

--On Friday, December 03, 2004 12:27:20 PM -0500 Conor Sibley <csibley () gmail com> wrote:

-Do I disable the network
This is a huge network that is likely used for DDOSing.  If you've
ever been DOSed... it sux.

-Do I report to ISP or authorities
The ISP is in an eastern European country and I don't know if the
local authorities would do anything let alone care.

-Do I do nothing
This option sucks but it sure is the easiest

The answer to this question is inversely proportional to the amount of time you have to screw with it.

case "$1" in
 no_time)
   OPTION=3
 ;;
 some_time)
   OPTION=1
 ;;
 lots_of_time)
   OPTION=2
 ;;
 *)
   echo $"Usage: 0$ {no_time|some_time|lots_of_time}"
   exit 1
esac

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]