Re: IRC DDoS botsMar 17 2003 01:22PM Jon Nelson (quincy linuxnotes net)
Johannes Ullrich said:
> O
>> It's another mIRC based DDoS trojan that scans for NT-Password and IIS
>> unicode exploits.
>> So the next questions is... How do we go about apprehending the
>> culprits? Can we somehow get wxmail.net revoked?
>
> IRC bots are a common plague. We do play 'whack the bot' once in a while
> if we find out about it. So far, I have yet to see a case successfully
> prosecuted.
If you can find a case where the bot and the victim are in the same state
you could try contacting your state police for assistance. The majority
of state police agencies have Computer Crime Units/Task Forces, who would
most likley be interested in these cases.
Even if the bot and victim aren't in the same state you might want to
contact them anyway, because it doesn't hurt to ask.
As fas prosecution, Pennsylvania recently enacted new computer crime laws
and one specifically addresses DOS attacks. Here are the laws:
--
Trooper Jon S. Nelson, Linux Certified Admin.
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 610.344.4471 Page: 866.284.1603
jonelson (at) state.pa (dot) us [email concealed]
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Johannes Ullrich said:
> O
>> It's another mIRC based DDoS trojan that scans for NT-Password and IIS
>> unicode exploits.
>> So the next questions is... How do we go about apprehending the
>> culprits? Can we somehow get wxmail.net revoked?
>
> IRC bots are a common plague. We do play 'whack the bot' once in a while
> if we find out about it. So far, I have yet to see a case successfully
> prosecuted.
If you can find a case where the bot and the victim are in the same state
you could try contacting your state police for assistance. The majority
of state police agencies have Computer Crime Units/Task Forces, who would
most likley be interested in these cases.
Even if the bot and victim aren't in the same state you might want to
contact them anyway, because it doesn't hurt to ask.
As fas prosecution, Pennsylvania recently enacted new computer crime laws
and one specifically addresses DOS attacks. Here are the laws:
http://www.legis.state.pa.us/2001_0/sb1402p2429.htm
Jon
--
Trooper Jon S. Nelson, Linux Certified Admin.
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 610.344.4471 Page: 866.284.1603
jonelson (at) state.pa (dot) us [email concealed]
------------------------------------------------------------------------
----
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
[ reply ]