Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

AW: What to do with bot networks
From: "Robert Marquardt" <email () robert-marquardt com>
Date: Fri, 3 Dec 2004 22:23:46 +0100

I fully agree Paul.

-----Urspr√ľngliche Nachricht-----
Von: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] Im Auftrag von Paul Schmehl
Gesendet: Freitag, 3. Dezember 2004 19:52
An: Conor Sibley; full-disclosure () lists netsys com
Betreff: Re: [Full-Disclosure] What to do with bot networks

--On Friday, December 03, 2004 12:27:20 PM -0500 Conor Sibley 
<csibley () gmail com> wrote:

-Do I disable the network
This is a huge network that is likely used for DDOSing.  If you've
ever been DOSed... it sux.

-Do I report to ISP or authorities
The ISP is in an eastern European country and I don't know if the
local authorities would do anything let alone care.

-Do I do nothing
This option sucks but it sure is the easiest

The answer to this question is inversely proportional to the amount of time 
you have to screw with it.

case "$1" in
  no_time)
    OPTION=3
  ;;
  some_time)
    OPTION=1
  ;;
  lots_of_time)
    OPTION=2
  ;;
  *)
    echo $"Usage: 0$ {no_time|some_time|lots_of_time}"
    exit 1
esac

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault