
Subject (Author)
* OT: Botnets (GB)
+* Re: OT: Botnets (Marco Moock)
|`* Re: OT: Botnets (Chris)
| `* Re: OT: Botnets (Marco Moock)
|  `- Re: OT: Botnets (Vir Campestris)
`- Re: OT: Botnets (Theo)

OT: Botnets

<t2kaui$cse$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=2100&group=uk.comp.homebuilt#2100

Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: NOTsome...@microsoft.invalid (GB)
Newsgroups: uk.comp.homebuilt
Subject: OT: Botnets
Date: Wed, 6 Apr 2022 16:17:39 +0100
Organization: A noiseless patient Spider
Lines: 9
Message-ID: <t2kaui$cse$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 6 Apr 2022 15:17:38 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="82b695be83c95715b4c82c7a40286df5";
logging-data="13198"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX181DPcjU48OMmLTwReg0KoS"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Thunderbird/91.7.0
Cancel-Lock: sha1:LKJRC8qFil/xAOiX7XAg9v+VUaQ=
Content-Language: en-GB
 by: GB - Wed, 6 Apr 2022 15:17 UTC

https://therecord.media/ukraine-arrests-operator-of-ddos-botnet-with-100000-bots/

Ukrainian law enforcement announced the arrest of a suspect on
accusations of running a giant malware botnet of more than 100,000
infected systems.

What happens to a botnet, if the operator is arrested? Is it now in the
hands of the Ukraine armed forces?

Re: OT: Botnets

<20220406180244.01186429@ryz>

https://www.novabbs.com/aus+uk/article-flat.php?id=2101&group=uk.comp.homebuilt#2101

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: uk.comp.homebuilt
Subject: Re: OT: Botnets
Date: Wed, 6 Apr 2022 18:02:44 +0200
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <20220406180244.01186429@ryz>
References: <t2kaui$cse$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="b3b827ded93ba22094bdbbb96c333e2a";
logging-data="4491"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/f0JI7suT5tnVS70/hRC4O"
Cancel-Lock: sha1:XLFcnIrP9CvIDGjM4b7Z1A06DTE=
X-Newsreader: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
 by: Marco Moock - Wed, 6 Apr 2022 16:02 UTC

On Wednesday, 06 April 2022, at 16:17:39, GB wrote:

> What happens to a botnet, if the operator is arrested? Is it now in
> the hands of the Ukraine armed forces?

I don't know, but I assume the Ukrainian government will use it for
their purposes.

Re: OT: Botnets

<t2kh31$i74$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=2102&group=uk.comp.homebuilt#2102

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ithink...@gmail.com (Chris)
Newsgroups: uk.comp.homebuilt
Subject: Re: OT: Botnets
Date: Wed, 6 Apr 2022 17:02:25 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 11
Message-ID: <t2kh31$i74$1@dont-email.me>
References: <t2kaui$cse$1@dont-email.me>
<20220406180244.01186429@ryz>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 6 Apr 2022 17:02:25 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="75814d117f471479134466225da761ab";
logging-data="18660"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1894s50L+wIrsQgB85txPQWr+FOnDEEEK0="
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:37GMm9aEQWTSvWIF/z2kI3wAe/0=
sha1:CYu9G7AlRGhXPoPdYfepfGK5gbQ=
 by: Chris - Wed, 6 Apr 2022 17:02 UTC

Marco Moock <mo01@posteo.de> wrote:
> On Wednesday, 06 April 2022, at 16:17:39, GB wrote:
>
>> What happens to a botnet, if the operator is arrested? Is it now in
>> the hands of the Ukraine armed forces?
>
> I don't know, but I assume the Ukrainian government will use it for
> their purposes.

I doubt they have the capability.

Re: OT: Botnets

<20220406204029.78de4700@ryz>

https://www.novabbs.com/aus+uk/article-flat.php?id=2103&group=uk.comp.homebuilt#2103

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: uk.comp.homebuilt
Subject: Re: OT: Botnets
Date: Wed, 6 Apr 2022 20:40:29 +0200
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <20220406204029.78de4700@ryz>
References: <t2kaui$cse$1@dont-email.me>
<20220406180244.01186429@ryz>
<t2kh31$i74$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="b3b827ded93ba22094bdbbb96c333e2a";
logging-data="1303"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX198d/EDOUth2xPOYJGnm7k8"
Cancel-Lock: sha1:tOsgTsSz9PNU4dy7Qd/bu9o0/gs=
X-Newsreader: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
 by: Marco Moock - Wed, 6 Apr 2022 18:40 UTC

On Wednesday, 06 April 2022, at 17:02:25, Chris wrote:

> Marco Moock <mo01@posteo.de> wrote:
> > On Wednesday, 06 April 2022, at 16:17:39, GB wrote:
> >
> >> What happens to a botnet, if the operator is arrested? Is it now in
> >> the hands of the Ukraine armed forces?
> >
> > I don't know, but I assume the Ukrainian government will use it
> > for their purposes.
>
> I doubt they have the capability.

I think they have at least some technicians that are able to do so.
If not, they are very poor. ]:-)

Re: OT: Botnets

<QJg*Ox4Ky@news.chiark.greenend.org.uk>

https://www.novabbs.com/aus+uk/article-flat.php?id=2104&group=uk.comp.homebuilt#2104

Path: i2pn2.org!i2pn.org!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: uk.comp.homebuilt
Subject: Re: OT: Botnets
Date: 06 Apr 2022 23:43:46 +0100 (BST)
Organization: University of Cambridge, England
Lines: 14
Message-ID: <QJg*Ox4Ky@news.chiark.greenend.org.uk>
References: <t2kaui$cse$1@dont-email.me>
NNTP-Posting-Host: chiark.greenend.org.uk
X-Trace: chiark.greenend.org.uk 1649285028 8722 212.13.197.229 (6 Apr 2022 22:43:48 GMT)
X-Complaints-To: abuse@chiark.greenend.org.uk
NNTP-Posting-Date: Wed, 6 Apr 2022 22:43:48 +0000 (UTC)
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/3.16.0-11-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Wed, 6 Apr 2022 22:43 UTC

GB <NOTsomeone@microsoft.invalid> wrote:
> What happens to a botnet, if the operator is arrested? Is it now in the
> hands of the Ukraine armed forces?

There will be a command and control server - the nodes of the botnet check
in for further instructions. A common technique is for law enforcement to
take over the C&C server, so they now control the botnet. If the bot herder
is arrested without taking down the C&C server, presumably the botnet will
continue to do whatever it was doing beforehand. (It may be the nodes do
nothing unless specifically instructed by the C&C server, in which case the
operator going dark would cause the nodes to do nothing but still be
checking in to the network.)

Theo
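
The check-in behaviour described in the post above is also what makes an infected host visible from the network side, whether or not anyone is issuing instructions. The following is an added example, not part of any post in this thread: it flags source/destination pairs that connect at near-constant intervals. The log format, host names and thresholds are constructed assumptions.

```python
# Added example (not from the thread): flag hosts whose outbound connections
# recur at near-constant intervals, i.e. the periodic "check in" pattern.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: ISO timestamp, internal source, destination host.
SAMPLE_LOG = """\
2022-04-06T10:00:00 10.0.0.5 c2.example.invalid
2022-04-06T10:05:02 10.0.0.5 c2.example.invalid
2022-04-06T10:09:59 10.0.0.5 c2.example.invalid
2022-04-06T10:15:01 10.0.0.5 c2.example.invalid
2022-04-06T10:20:00 10.0.0.5 c2.example.invalid
2022-04-06T10:01:10 10.0.0.7 news.example.invalid
2022-04-06T10:01:45 10.0.0.7 news.example.invalid
2022-04-06T10:19:30 10.0.0.7 news.example.invalid
2022-04-06T10:47:05 10.0.0.7 news.example.invalid
2022-04-06T10:48:00 10.0.0.7 news.example.invalid
"""

def parse(log_text):
    """Return {(src, dst): sorted list of connection datetimes}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, src, dst = parts
        seen[(src, dst)].append(datetime.fromisoformat(ts))
    return {pair: sorted(times) for pair, times in seen.items()}

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Flag pairs whose gap spread (stdev / mean) is at most max_jitter."""
    hits = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits

if __name__ == "__main__":
    for src, dst, period in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: regular check-in about every {period}s")
```

The browsing-like traffic from 10.0.0.7 has the same number of connections but irregular gaps, so only the five-minute check-in from 10.0.0.5 is reported.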

Re: OT: Botnets

<t2nhsh$n6r$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=2105&group=uk.comp.homebuilt#2105

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: vir.camp...@invalid.invalid (Vir Campestris)
Newsgroups: uk.comp.homebuilt
Subject: Re: OT: Botnets
Date: Thu, 7 Apr 2022 21:34:25 +0100
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <t2nhsh$n6r$1@dont-email.me>
References: <t2kaui$cse$1@dont-email.me> <20220406180244.01186429@ryz>
<t2kh31$i74$1@dont-email.me> <20220406204029.78de4700@ryz>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 7 Apr 2022 20:34:25 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c039d1e6949e2f70f9200eade33b4bd9";
logging-data="23771"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18zCdTJ2IaJG4m7dHRqqhRN1PZylyqLrLw="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.7.0
Cancel-Lock: sha1:a5tIKpmWbssIrWB+mykXb9V/WeQ=
In-Reply-To: <20220406204029.78de4700@ryz>
Content-Language: en-GB
 by: Vir Campestris - Thu, 7 Apr 2022 20:34 UTC

On 06/04/2022 19:40, Marco Moock wrote:
> I think they have at least some technicians that are able to do so.
> If not, they are very poor. ]:-)

I meet Ukrainians every day on a Zoom call. They seem to know what they
are doing, and we are developing software.

Andy
