Fast flux foils bot-net takedown
Robert Lemos, SecurityFocus 2007-07-09

Network security analyst Lawrence Baldwin has helped take down his share of bot nets, but he worries that those days may largely be over.

Fast flux foils bot-net takedown 2007-07-10
Anonymous (3 replies)
Why don't ISPs just block the inbound DNS traffic to home machines on dynamic addresses? Do that and the distributed DNS part evaporates....

Re: Fast flux foils bot-net takedown 2007-07-12
Anonymous (1 replies)
Because that would make dynamic addresses unusable? I don't have Google's IP addresses memorized; do you? That said, there are lots of things providers can do to mitigate botnets. One of the main ones is outbound port 25 blocking. Most dynamic users should be using their providers' mail servers f...

Re: Re: Fast flux foils bot-net takedown 2007-07-13
Anonymous (1 replies)
Nice idea... ...in theory.

I assume that you want providers to force their customers to use their SMTP servers.

But: If you're running a bot net, nobody can stop you from creating an open mail relay using a port different from the standard SMTP port (all those assigned port numbers are just a conv...

Re: Re: Re: Fast flux foils bot-net takedown 2007-11-15
Anonymous
But you don't care if you have an open relay. If you block destination port 25, the bot can't transfer mail to other SMTP servers outside that network. ...

Re: Fast flux foils bot-net takedown 2007-07-12
Anonymous
ha ha ha :)))...

Re: Fast flux foils bot-net takedown 2007-07-12
Anonymous (1 replies)
Umm...what if you host your own DNS for legitimate purposes? Don't penalize me because of some scumbags....

Re: Re: Fast flux foils bot-net takedown 2007-07-13
Anonymous
Kind of like you can't send e-mail from a "dynamic IP" anymore because of some spammer "scumbags"?...

Fast flux foils bot-net takedown 2007-07-14
C9mpuuterSeK3rity D00d (1 replies)
This entire story is poorly written and is basically incorrect and silly if I get the point of it correctly (which I THINK I do). Please, don't waste our time with this drivel!...

Re: Fast flux foils bot-net takedown 2007-08-19
Anonymous
C9mpuuterSeK3rity D00d, ah dear, don't you think you should take a closer look at your own writing before you criticise other people's? Your name is ridiculous btw....

Fast flux foils bot-net takedown 2009-04-03
John
What if there was a way to detect a fast flux site with just commonly available shareware software?

Try www.pingplotter.com, graphical ping tracing software.....

This will show changes in the routing path in real time, and can be saved to a text file for future evaluation of routing paths.

I ...

Copyright 2009, SecurityFocus