Re: [Full-disclosure] Botnet Traffic
- To: James Smith <james@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Botnet Traffic
- From: Derek Grocke <derek@xxxxxxxxxxx>
- Date: Fri, 24 Feb 2012 14:20:02 +1030
Hi James,
I've found that using the Shadow Server network/ASN reports is very useful,
depending on what analysis you are trying to do.
http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
I.e.
- Detected Botnet Command and Control servers
- Infected systems (drones)
- DDoS attacks (source and victim)
- Scans
- Clickfraud
- Compromised hosts
- Proxies
- Spam relays
- Malicious software droppers and other related information.
You could always create your own honeypot and/or partner with one of the
carriers/ISPs to get live data.
Thanks
Derek
On 24/02/2012, at 8:51 AM, James Smith <james@xxxxxxxxxxxxxxxxxxxx> wrote:
Hello,
Can anyone on this list provide botnet network traffic for analysis, or
IPs which have been infected?
--
Sincerely;
James Smith
CEO, CEH, Security Analyst
Email: james@xxxxxxxxxxxxxxxxxxxx
Phone: 1877-760-1953
Website: www.SmithwaySecurity.com
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the
use of the intended recipient(s). Unauthorized interception, review, use or
disclosure is prohibited and may violate applicable laws including the
Electronic Communications Privacy Act. If you are not the intended
recipient, please contact the sender and destroy all copies of the
communication.
- This communication is confidential to the parties it was intended to
serve -
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/