IDS mailing list archives

Re: Spyware Master Hosts DB


From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 4 Apr 2005 16:00:53 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

He is, apparently, talking about a wildcard DNS server which responds
to the whole IP address range, with answers indicating if the site is
included or not. Standard RBL DNS methodology, if I understood correctly.

On Sat, Apr 02, 2005 at 01:08:13PM -0600, Harper, Patrick wrote:
Still not sure what you are talking about.  The bleeding snort project
has some spyware and malware rule sets for Snort.  www.bleedingsnort.com
and www.snort.org.  Is that what you're looking for?

-----Original Message-----
From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru] 
Sent: Saturday, April 02, 2005 9:04 AM
To: Harper, Patrick
Cc: focus-ids () securityfocus com
Subject: Re: Spyware Master Hosts DB

Harper, Patrick wrote:

Something like this?
http://www.bleedingsnort.com/blackhole-dns/

Thanks for the great resource, but it isn't exactly what I mean.

I think about a special trusted DNS somewhere on the net doing reverse
lookup of
every known "master" host IP to something like
master1.gator.in-addr.spyware, for example.
A firewall log analyser script can use it automatically to detect
infection.

- -- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCUY7lpdyWzQ5b5ckRAl+WAJ9clAhpFMKz0kWEb2Xsr5X+HJ3yMACeOd2f
2UCI6zKZTY5fymkurRAeK6k=
=l0om
-----END PGP SIGNATURE-----
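
The RBL-style lookup discussed in this thread, combined with the firewall log script idea, as an added example that is not part of the original messages. The zone name, the log format and the "127.0.0.0/8 answer means listed" convention are assumptions borrowed from common DNSBL practice; a constructed in-memory zone stands in for DNS so it runs offline.

```python
import ipaddress
import re
import socket

ZONE = "spyware.dnsbl.example"  # hypothetical zone, not a real service
# Constructed iptables-style log lines (documentation address ranges).
SAMPLE_LOG = """\
Apr  4 16:00:01 fw kernel: OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=80
Apr  4 16:00:02 fw kernel: OUT=eth0 SRC=10.0.0.7 DST=198.51.100.20 PROTO=TCP DPT=80
Apr  4 16:00:03 fw kernel: OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=443
Apr  4 16:00:04 fw kernel: OUT=eth0 SRC=10.0.0.9 DST=999.1.1.1 PROTO=TCP DPT=80
"""

PAIR_RE = re.compile(r"\bSRC=(\S+) DST=(\S+)")

def dnsbl_name(ip, zone=ZONE):
    """192.0.2.10 -> 10.2.0.192.<zone> (reversed octets, as RBLs do)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Real resolver: returns the A record, or None on NXDOMAIN/failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, resolve=dns_lookup):
    """Listed means the zone answers with an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_name(ip))
    return answer is not None and answer.startswith("127.")

def infected_hosts(log_text, resolve=dns_lookup):
    """Map each internal source to the listed destinations it contacted."""
    cache, hits = {}, {}
    for src, dst in PAIR_RE.findall(log_text):
        try:
            if dst not in cache:          # one DNS query per distinct IP
                cache[dst] = is_listed(dst, resolve)
        except ipaddress.AddressValueError:
            cache[dst] = False            # malformed address in the log
        if cache[dst]:
            hits.setdefault(src, set()).add(dst)
    return hits

# Constructed stand-in for the DNS zone so the example runs offline.
FAKE_ZONE = {"10.2.0.192." + ZONE: "127.0.0.2"}
if __name__ == "__main__":
    print(infected_hosts(SAMPLE_LOG, FAKE_ZONE.get))
```

Passing no resolver makes the script query real DNS through socket.gethostbyname, so ZONE would have to point at a list the operator actually trusts.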
