Wednesday, September 10, 2008

Botnet Page - nectarGrid Project

A subsection of the nG project is our botnet listings. These botnet listings are listed in the rules section of EmergingThreats website. What we have planned to do is to create a list of these IPs grouped from the rules and to find the relationship between them and the other botnet C&C IPs around the world. This is not a short term effort and hence it is good to start this effort at the very beginning. We would then analyze these IPs based on open information such as,
  • Whois
  • IPBlock
  • ReverseDNS
  • Web Banner
  • RWhois
  • DNS Graph
and once we have honeypots set around the world like what we are hoping to, we can make an initiative to trace this back to the original source. In our belief, providing security against botnet should be done by identifying the true source, or heart and core of this botnet. In other words, blocking the botnet command & control IP is a temporary fix, though the permanent one would be to track, tag and bag the real source who/which has caused this botnet to compromise systems and servers around the world.

We have just started with this page. Some of the sites that has been involved in such efforts are:
Shadow Server
Honeynet
Nepenthes
EmergingThreats
and few others. We would like to acknowledge them for all their contributions to this community, our community.

- EF

No comments: