[Dshield] how to take down a 'bot-net' ?

Johannes Ullrich jullrich at euclidian.com
Fri Oct 4 16:50:55 GMT 2002

On Fri, 4 Oct 2002 12:19:11 -0400
"BarkerJr" <BarkerJr at clancdg.com> wrote:

> Please note that not all "botnets" are bad.  Many IRC bots, such as
> Eggdrop or Emech create a 'chat botnet' where their owners can chat with
> each other.  Both of these programs are legitimate programs that people
> run on unix shells that they pay ~10USD/mo for.

True. In this case, it is 'kaiten'. I don't think it can be used for
much else than DDOS. Also, the machines were 'recruited' using the
mod_ssl exploit.

Not an IRC-head myself, I am not sure about the right vocabulary to
distinguish good bots from bad bots.

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org