IDS mailing list archives
Re: Spyware Master Hosts DB
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 4 Apr 2005 16:00:53 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 He is, aparently, talking about a wildcard DNS server which responds to the whole IP address range, with answers indicating if the site is included or not. Standard RBL DNS methodolory, if I understood correctly. On Sat, Apr 02, 2005 at 01:08:13PM -0600, Harper, Patrick wrote:
Still not sure what you are talking about. The bleeding snort project has some spyware and malware rule sets for Snort. www.bleedingsnort.com and www.snort.org. Is that what your looking for? -----Original Message----- From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] Sent: Saturday, April 02, 2005 9:04 AM To: Harper, Patrick Cc: focus-ids () securityfocus com Subject: Re: Spyware Master Hosts DB Harper, Patrick wrote:Something like this? http://www.bleedingsnort.com/blackhole-dns/thanks for great resource, but it isn't exactly what mean. i think about special trusted DNS somewhere on the net doing reverse lookup every known "master" host ip to something like master1.gator.in-addr.spyware for example. firewall log analiser script can use it automatically to detect infection.
- -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCUY7lpdyWzQ5b5ckRAl+WAJ9clAhpFMKz0kWEb2Xsr5X+HJ3yMACeOd2f 2UCI6zKZTY5fymkurRAeK6k= =l0om -----END PGP SIGNATURE----- -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- Spyware Master Hosts DB Konstantin Khrooschev (Apr 01)
- <Possible follow-ups>
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
- Re: Spyware Master Hosts DB Konstantin Khrooschev (Apr 04)
- RE: Spyware Master Hosts DB Harper, Patrick (Apr 04)
- Re: Spyware Master Hosts DB Rodrigo Barbosa (Apr 05)