IDS mailing list archives
RE: Spyware Master Hosts DB
From: "Harper, Patrick" <Patrick.Harper () phns com>
Date: Sat, 2 Apr 2005 13:08:13 -0600
Still not sure what you are talking about. The bleeding snort project has some spyware and malware rule sets for Snort. www.bleedingsnort.com and www.snort.org. Is that what your looking for? -----Original Message----- From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] Sent: Saturday, April 02, 2005 9:04 AM To: Harper, Patrick Cc: focus-ids () securityfocus com Subject: Re: Spyware Master Hosts DB Harper, Patrick wrote:
Something like this? http://www.bleedingsnort.com/blackhole-dns/
thanks for great resource, but it isn't exactly what mean. i think about special trusted DNS somewhere on the net doing reverse lookup every known "master" host ip to something like master1.gator.in-addr.spyware for example. firewall log analiser script can use it automatically to detect infection.
-----Original Message----- From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] Sent: Friday, April 01, 2005 1:55 AM To: focus-ids () securityfocus com Subject: Spyware Master Hosts DB hello all! can anybody say something about idea of spyware owners network database to use in network ids. i mean of course not db of every infected computer on the net :-) but database of "master" computer addresses, to which victims try to send information. i think, it may be something like dns based open relay db.
----------------------------------------- Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- Spyware Master Hosts DB Konstantin Khrooschev (Apr 01)
- <Possible follow-ups>
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
- Re: Spyware Master Hosts DB Konstantin Khrooschev (Apr 04)
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
- Re: Spyware Master Hosts DB Rodrigo Barbosa (Apr 05)