Phishing & BotNets
Tracking Botnets Oct 19 2005 06:29PM
Saeed Abu Nimeh (drellman hotmail com) (2 replies)
Re: Tracking Botnets Oct 23 2005 07:14PM
Marc Dacier (marc dacier eurecom fr)
Re: Tracking Botnets Oct 22 2005 05:01PM
Thorsten Holz (thorsten holz mmweg rwth-aachen de)
Saeed Abu Nimeh wrote:
> Hi List,
> As for tracking botnets, I've read "Know your Enemy: Tracking Botnets"
> by the honeynet project. Does anyone know other resources (tools,
> papers, etc.) or even other techniques for tracking botnets and
> identifying farms of bots.

I am one of the authors of the KYE paper and have also written some
other papers that cover this topic:

- "Botnet Tracking: Exploring a Root-Cause Methodology to Prevent
Distributed Denial-of-Service Attacks"
http://lufgi4.informatik.rwth-aachen.de/publications/pdf/botnet-tracking-exploring-a-root-cause-methodology-to-prevent-distributed-denial-of-service-attacks

- "A Short Visit to the Bot Zoo"
http://lufgi4.informatik.rwth-aachen.de/publications/pdf/a-short-visit-to-the-bot-zoo

The people from Georgia Tech (especially David Dagon) have another
approach. "The Network is the Infection: Botnet Detection and Response"
(http://www.caida.org/projects/oarc/200507/slides/oarc0507-Dagon.pdf)
gives an overview. Unfortunately, the slides about KarstNet are not yet
online. "BOTS - The Creation of a Botnet Tracking Web Application"
(http://www.caida.org/projects/oarc/200507/slides/oarc0507-Hoffman.ppt)
gives an overview of a project from US-CERT.

HTH,
Thorsten

Copyright 2010, SecurityFocus