Author Topic: How to Disrupt a Botnet  (Read 2168 times)

0 Members and 1 Guest are viewing this topic.

November 09, 2009, 08:21:40 am
Read 2168 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
http://blogs.sans.org/computer-forensics/2009/11/08/how-to-disrupt-a-botnet/

Quote
The following note is inspired by the steps the folks at FireEye Malware Intelligence Lab took to disable the Mega-d/Ozdok bot network. People often wonder what it takes to shut down a botnet. Here are the key steps, which apply to “traditional” botnets, which don’t rely heavily on peer-to-peer protocols for their command and control (C&C) implementation; the number of hosts and domains that such botnets use can be sufficiently small that a group or an individual can disrupt the botnet by getting these IPs or domain names shut down.
Ruining the bad guy's day