Archive for April, 2006

Fingerprinting Botnet C&C Servers

April 13, 2006 by Jose Nazario

One of the things we’re doing in our work, and that will likely appear in our VBCon 06 paper, is understanding the distribution of OSes per botnet command and control (c&c) server. I’ve been using a few tools to do this (it is in bulk…thousands of botnet servers; scripting “nmap -O” is the last resort), [...]


Botnet Tracking, Minute by Minute

April 12, 2006 by Jose Nazario

We’ve been tracking botnets for some time now; it’s a great way to directly monitor malicious activity. The graph above relates to a botnet I’m currently tracking. It’s seeing a lot of churn – something on the order of thousands of new IP addresses every day. But, that’s not quite accurate; it’s hosts leave and [...]


Security Product Corewars: When Robots Attack

April 10, 2006 by Dug Song

Q: What do you get when you cross PROTOS, Metasploit, SPIKE, tcpreplay, and ISIC, and then hardware-accelerate it? A: A slew of recently-launched “security analyzer” products — boxes designed to break just about anything on the network (including other security devices) by being the worst, most aggressive TCP/IP conversationalists imaginable. In an industry wholly preoccupied [...]
