I’ve always been semi interested in botnets/trojans and targetted attacks and the way they get their data in and out and how the command and control centres work. One of the things i’d usually do is see if I can determine where the traffic is going from the bot (infected machine) and this would obviously point me to the c&c. I’d then fire up Maltego and start playing with that IP/hostname to see where else it appears, what other things are linked to it and so on. One of the concepts I was playing around with was how could you hide where your c&c and from this FireBridges as a concept where created.
I saw the pastebin guys put out a list of the IP addresses that have been attacking them for people to check if they were, I wrote a quick little script to test this at: http://andrewmohawk.com/pastebinAttack/
Secondly, i see pastelert broke with the new GUI change on pastebin, I’ve fixed it on mine and I will post an update sometime here, if its urgent just drop me a mail and i’ll send the patch :)
Not the quickest of cats
on the best of days.