Security Basics
Botnet Servers May 07 2012 08:31AM
Mahmoud Kaddoura (Mahmoud Kaddoura injazat com) (2 replies)
Re: Botnet Servers May 10 2012 04:02PM
Jason Hellenthal (jhellenthal dataix net)
Re: Botnet Servers May 08 2012 06:47PM
Thugzclub (thugzclub googlemail com) (2 replies)
Re: Botnet Servers May 08 2012 07:19PM
Peter Milleson (pitr256 gmail com) (3 replies)
Re: Botnet Servers May 10 2012 03:13AM
Stephanus J Alex Taidri (securityfocus ae taidri com) (3 replies)
Re: Botnet Servers May 13 2012 05:26PM
Jeffrey Walton (noloader gmail com)
RE: Botnet Servers May 10 2012 04:55PM
Glenn Duquette (gduquette midmark com)
Re: Botnet Servers May 10 2012 01:25PM
Peter Milleson (pitr256 gmail com)
Re: Botnet Servers May 08 2012 07:54PM
Thugzclub (thugzclub googlemail com) (2 replies)
Re: Botnet Servers May 08 2012 08:32PM
synja synfulvisions com (1 replies)
Re: Botnet Servers May 08 2012 09:57PM
Thugzclub (thugzclub googlemail com)
Re: Botnet Servers May 08 2012 08:18PM
Peter Milleson (pitr256 gmail com)
With a little bit of Perl-fu, you can pretty much make the download
list available to anything you want. One of the lists is at
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

I found a Perl script that basically put some of the known C&C domains
into a database written by Joshua Douglas but I can't remember where
I found it on the web. I thought it was on the Abuse.ch site.

Here are the headers in case it helps someone locate it.
# Program: bot-c2-update.pl
# Author: Joshua Douglas
# Created: 09/16/2010
# Purpose: Perl Script to load new known C2 domains.
# Reasoning: Automate insertion of bot c2s in database

Peter

On Tue, May 8, 2012 at 2:54 PM, Thugzclub <thugzclub (at) googlemail (dot) com> wrote:
> Can we feed into Squid to monitor block outbound connections to malicious IP addresses?
>
> On 8 May 2012, at 12:19, Peter Milleson <pitr256 (at) gmail (dot) com> wrote:
>
>> Hi Mahmoud,
>>
>> I have found the kb.bothunter.net has a very good and updated tracking
>> of malware propagation hosts and botnet C&Cs. They also have a fairly
>> easy to extend function to look up whether an IP is malicious or not,
>> i.e.: http://kb.bothunter.net/ipInfo/IPRep.php?IP=xx.xx.xx.xx where
>> xx.xx.xx.xx is the IP you are querying information on.
>>
>> Zeus tracker (https://zeustracker.abuse.ch/) does a good job as well
>> but not as easy to extend with a simple web query but their data is
>> downloadable.
>>
>> Regards,
>>
>> Peter
>>
>> On Tue, May 8, 2012 at 1:47 PM, Thugzclub <thugzclub (at) googlemail (dot) com> wrote:
>>> Look at the Symantec solutions. What end point solution are you using?
>>>
>>> On 7 May 2012, at 01:31, Mahmoud Kaddoura <Mahmoud.Kaddoura (at) injazat (dot) com> wrote:
>>>
>>>> Hi
>>>>
>>>> I am wondering if there is a specific and updated list of botnet servers that we can monitor against since the End Point Protection is not detecting them in some cases
>>>>
>>>> Regards,
>>>> Mahmoud
>>>>
>>>> -----Original Message-----
>>>> From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Hani Habashy
>>>> Sent: Friday, May 04, 2012 10:30 PM
>>>> To: 'Ahmed RAHAL'; 'Thugzclub'
>>>> Cc: pen-test (at) securityfocus (dot) com; security-basics (at) securityfocus (dot) com
>>>> Subject: RE: Firewall Review
>>>>
>>>> Kiwi Syslog is a Windows environment option as well. If you have it in the budget, check out Palo Alto firewalls. It has some really cool logging abilities and can get right down to the user.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Hani Habashy
>>>> Director of Information Technology
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Ahmed RAHAL
>>>> Sent: Friday, May 04, 2012 2:06 PM
>>>> To: Thugzclub
>>>> Cc: pen-test (at) securityfocus (dot) com; security-basics (at) securityfocus (dot) com
>>>> Subject: Re: Firewall Review
>>>>
>>>> Hi,
>>>>
>>>> I liked webmin's firewall module a lot. It looks clean and has all possible options.
>>>>
>>>> You'll have to create a 'standard' firewall configuration file with 'iptables-save' to make it parsable. But from there, it is quite straightforward to understand.
>>>>
>>>> This removes the pain of the very frustrating (yet logical) command line. Besides, good knowledge of iptables is not optional ;)
>>>>
>>>> bye,
>>>>
>>>> On Friday 04 May 2012 at 13:26 +0100, Thugzclub wrote:
>>>>> Guys - I think you may have misunderstood me. I want something to consume existing firewall rules and present them in a GUI so that I can review it...
>>>>>
>>>>>
>>>>>
>>>>> On 4 May 2012, at 07:07, Thugzclub <thugzclub (at) googlemail (dot) com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I need to review an iptables rule set but iptables syntax is killing me :((. Any guidance on tools that can simplify it?
>>>>>>
>>>>>>
>>>>>> cheers
>>>>>>
>>>>>>
>>>>>> On 3 May 2012, at 20:12, David Bridgman <David.Bridgman (at) lifelock (dot) com> wrote:
>>>>>>
>>>>>>> You could get a product like Splunk or set up a Linux box with syslog-ng and Zabbix for the monitoring and logging. External companies that monitor firewalls usually create an SSL or VPN connection via the internet to your devices to pull in logging information. Depending on what you would like them to do, just logging or config changes, you will need to give them access for this.
>>>>>>>
>>>>>>> David Bridgman, CISSP
>>>>>>> Sr. Information Security Engineer | LifeLock® - Relentlessly Protecting Your Identity™
>>>>>>> 480.457.2029 Office | 480.253.2633 Cell David.Bridgman (at) lifelock (dot) com
>>>>>>> 60 E. Rio Salado Parkway, Suite 400, Tempe, AZ 85281
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: listbounce (at) securityfocus (dot) com
>>>>>>> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of a bv
>>>>>>> Sent: Thursday, May 03, 2012 5:25 AM
>>>>>>> To: security-basics (at) securityfocus (dot) com
>>>>>>> Subject: Firewall availability and reporting
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm again in need of firewall availability and reporting. Is there a solution you can recommend? There are companies on the web which say we are doing firewall external monitoring, but I don't know how they technically do that and how reliable and good working it is.
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> -------------------------------------------------------------------
>>>>>>> ----- Securing Apache Web Server with thawte Digital Certificate In
>>>>>>> this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>>>>>>
>>>>>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6
>>>>>>> be442f727d1
>>>>>>> -------------------------------------------------------------------
>>>>>>> -----
>>>>>>>
>>>>>>>
>>>>>>> ___________________________________________________________________
>>>>>>> __________ The information contained in this transmission may
>>>>>>> contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
>>>>>>> ___________________________________________________________________
>>>>>>> __________
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> =================================================
>>>> Ahmed Rahal <arahal (at) iweb (dot) com> / iWeb Technologies
>>>> =================================================
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Confidentiality Notice:  The contents of this message, together with any attachments, are intended only for the use of the
>>>> person(s) to which they are addressed and may contain confidential and/or privileged information.  Further, any medical  information herein is confidential and protected by law. It is unlawful for unauthorized persons to use, review, copy, disclose, or disseminate confidential medical information. If you are not the intended recipient, immediately advise the  sender and delete this message and any attachments. Any distribution, or copying of this message, or any attachment, is prohibited.
>>>>
>>>>
>>>>
>>>> Disclaimer:
>>>> This e-mail message is intended solely for the individual or organization to which it is addressed. This message with all of its attachments (if any) may contain privileged and/or confidential information.
>>>> Views, opinions or conclusive remarks expressed in this message are those of the sender and do not necessarily express the views of Injazat Data Systems LLC and its related companies.
>>>> If you are not the intended recipient of this message, please immediately advise the sender by reply email or by telephone call to the number above or +971 2 699 2700; please also permanently delete this message.
>>>> Any unauthorized use, printing, copying, retention, disclosure or distribution of this message is strictly prohibited.
>>>>
>>>> This email message has been scanned for the presence of computer viruses.
>>>
>>>
>>
>>

[ reply ]
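
An added example, not part of the thread and not Joshua Douglas's script: one way to turn a downloaded domain blocklist like the one linked in the message above into a Squid `dstdomain` ACL file. The feed format (one domain per line, `#` comments), the ACL name `botnet_c2`, the file path and the `allowlist` parameter are assumptions.

```python
import re

# Assumed feed format: one domain per line, '#' starts a comment.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

# Constructed sample input (reserved .example names), not real feed data.
SAMPLE_FEED = """\
# constructed sample
bad-c2.example
panel.bad-c2.example
Drop.Zone.example.   # inline comment
evil.example" http_access allow all
updates.corp.example
"""

def parse_blocklist(text):
    """Return (valid_domains, rejected_lines) from the feed text."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        if len(line) <= 253 and _HOSTNAME.fullmatch(line):
            domains.add(line)
        else:
            rejected.append(raw)  # never copy unvalidated feed text into proxy config
    return domains, rejected

def covered(domain, others):
    """True if a parent domain is also listed; Squid warns about such overlaps."""
    parts = domain.split(".")
    return any(".".join(parts[i:]) in others for i in range(1, len(parts) - 1))

def squid_acl_lines(domains, allowlist=()):
    """Build dstdomain entries; the leading dot also matches subdomains."""
    def protected(d):
        # A bad feed entry must not block a domain the site depends on.
        return any(d == a or d.endswith("." + a) or a.endswith("." + d)
                   for a in allowlist)
    keep = {d for d in domains if not covered(d, domains)}
    return sorted("." + d for d in keep if not protected(d))

if __name__ == "__main__":
    doms, bad = parse_blocklist(SAMPLE_FEED)
    print("\n".join(squid_acl_lines(doms, allowlist=("corp.example",))))
    print(f"# rejected {len(bad)} malformed line(s)")
    # squid.conf then references the written file (path is an assumption):
    #   acl botnet_c2 dstdomain "/etc/squid/botnet_c2.txt"
    #   http_access deny botnet_c2
```

Rejected lines are worth logging rather than discarding silently, since a sudden rise in malformed entries usually means the feed format changed or the download was tampered with.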
RE: Botnet Servers May 08 2012 07:30PM
Mahmoud Kaddoura (Mahmoud Kaddoura injazat com)
RE: Botnet Servers May 08 2012 07:02PM
Mahmoud Kaddoura (Mahmoud Kaddoura injazat com)


 
