IDS mailing list archives
RE: About detecting bots....
From: "Richard Golodner" <rgolodner () infratection com>
Date: Mon, 23 Feb 2009 10:56:31 -0600
Armin Garcia asked today:
Well, do you use some technique, tools, or anything else to find some bots
in your network? I know this is a very new field of research, but maybe you
know about something that can help detect this kind of malware.
Armin, look at your logs for strange behavior on hosts under your control. Do you see machines re-booting, trying to send mail out?

Collect a baseline traffic analysis of the general noise of your network by using Wireshark and continue to sample the data streams until you either see some odd behavior or you feel pretty confident your nets are clean.

What you need to do if you find an offensive machine is isolate it off the network and capture packets as it tries to communicate with its owner.

There are many experts when it comes to this topic; these are just a few of my initial impressions.

Sincerely,
Richard
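The baseline-then-sample approach Richard describes, as an added example that is not part of the list post or any tool mentioned in it: a per-host summary is built from a baseline capture, a later sample is compared against it, and hosts are flagged when they start sending far more outbound SMTP (tcp/25) than their baseline, begin talking to many destinations they never used before, or use a destination port nobody in the baseline used. The flow records are constructed inline, and their "epoch,src,dst,proto,dport" layout is an assumption (a tshark field export would need to be mapped onto it). Thresholds are assumptions too and should be tuned to the network's own noise level.

```python
"""Baseline-vs-sample outbound traffic comparison (added example).

Field layout of the flow lines, the thresholds, and all IP addresses are
assumptions; the records below are constructed for the example.
"""
from collections import defaultdict

SMTP_PORT = 25

# Constructed baseline capture: "epoch,src_ip,dst_ip,proto,dst_port"
BASELINE_FLOWS = """\
1000,10.0.0.5,93.184.216.34,tcp,443
1001,10.0.0.5,93.184.216.34,tcp,443
1002,10.0.0.5,10.0.0.25,tcp,25
1003,10.0.0.6,93.184.216.34,tcp,80
1004,10.0.0.6,10.0.0.25,tcp,25
1005,10.0.0.5,10.0.0.25,tcp,25
1006,10.0.0.7,93.184.216.34,tcp,443
"""

# Constructed later sample: 10.0.0.6 now sends SMTP to several new external
# hosts; 10.0.0.7 opens a connection on a port no baseline host ever used.
SAMPLE_FLOWS = """\
2000,10.0.0.5,93.184.216.34,tcp,443
2001,10.0.0.5,10.0.0.25,tcp,25
2002,10.0.0.6,198.51.100.9,tcp,25
2003,10.0.0.6,198.51.100.10,tcp,25
2004,10.0.0.6,198.51.100.11,tcp,25
2005,10.0.0.6,198.51.100.12,tcp,25
2006,10.0.0.7,203.0.113.77,tcp,6667
"""


def parse_flows(text):
    """Parse 'epoch,src,dst,proto,dport' lines into dicts; skip blanks/comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "proto": proto, "dport": int(dport)})
    return flows


def summarize(flows):
    """Per source host: set of (dst, dport) pairs and outbound SMTP count."""
    per_host = defaultdict(lambda: {"dests": set(), "smtp": 0})
    for f in flows:
        h = per_host[f["src"]]
        h["dests"].add((f["dst"], f["dport"]))
        if f["proto"] == "tcp" and f["dport"] == SMTP_PORT:
            h["smtp"] += 1
    return per_host


def find_anomalies(baseline_flows, sample_flows, smtp_factor=3, new_dest_min=3):
    """Return {host: [reasons]} for sample hosts that deviate from baseline.

    smtp_factor: sample SMTP count must exceed this multiple of the baseline
                 count (baseline treated as at least 1) to count as a spike.
    new_dest_min: number of never-seen (dst, port) pairs that counts as a fan-out.
    """
    baseline = summarize(baseline_flows)
    sample = summarize(sample_flows)
    # Ports used by anyone in the baseline; a port outside this set is notable.
    known_ports = {port for h in baseline.values() for _, port in h["dests"]}
    findings = {}
    for host, cur in sample.items():
        base = baseline.get(host, {"dests": set(), "smtp": 0})
        reasons = []
        if cur["smtp"] > smtp_factor * max(base["smtp"], 1):
            reasons.append("smtp_spike")
        new_dests = cur["dests"] - base["dests"]
        if len(new_dests) >= new_dest_min:
            reasons.append("new_destinations")
        if any(port not in known_ports for _, port in cur["dests"]):
            reasons.append("unseen_port")
        if reasons:
            findings[host] = sorted(reasons)
    return findings


if __name__ == "__main__":
    results = find_anomalies(parse_flows(BASELINE_FLOWS), parse_flows(SAMPLE_FLOWS))
    for host, reasons in sorted(results.items()):
        print(host, ", ".join(reasons))
```

A host that is flagged here is a candidate for the isolate-and-capture step, not a confirmed infection: the baseline itself may contain a compromised host, so the summary should be rebuilt from captures taken after any cleanup, and hosts absent from the baseline entirely deserve a look even when no rule fires.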
Current thread:
- About detecting bots.... saintarmin (Feb 23)
- RE: About detecting bots.... Richard Golodner (Feb 23)
- RE: About detecting bots.... Chris Brown (Feb 23)
- Re: About detecting bots.... Raffael Marty (Feb 24)
- Re: About detecting bots.... Mac Rosel (Feb 25)
- Re: About detecting bots.... Raffael Marty (Feb 24)
- <Possible follow-ups>
- Re: RE: About detecting bots.... saintarmin (Feb 25)
- RE: RE: About detecting bots.... Chris Brown (Feb 25)