[Dshield] how to take down a 'bot-net' ?

Johannes Ullrich jullrich at euclidian.com
Sun Oct 6 02:36:19 GMT 2002

> When does it work best and when worst?  This would be a hint as to how
> better communicate.  Is it english being a foreign language?  Too much
> lingo?  Certain industries?

In my experience, university admins and clue full small ISPs are best.
The turn around time for large ISPs is very bad in most cases. 

> >- notify the owner of the IRC server. Sometimes works great, sometimes
> >  not at all. Depends usually if they know what a 'botnet' is all about.
> What definition are you giving them?  It's not a simple concept to
> explain to total laypeople, but if you want I could work on one.

yes. this is a problem. to get someone up to speed that has never
heard of the concept. In particular as this has to happen fairly quick

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20021005/8be68e8c/attachment.bin

More information about the list mailing list