IDS mailing list archives
Re: About detecting bots....
From: Raffael Marty <rmarty () splunk com>
Date: Mon, 23 Feb 2009 22:52:10 -0800
To cut down the time you spend going through textual logs, I recommend using some kind of visualization to analyze the log data that you capture. There are a number of people, especially ones who are part of the Honeynet Alliance, who have done botnet visualization work. I am working with some of them to come up with some better methods as well.
To get some ideas, visit SecViz: http://secviz.org

Raffael

--
Raffael Marty @zrlram
Chief Security Strategist @ Splunk>
Security Visualization: http://secviz.org
raffy.ch/blog

On Feb 23, 2009, at 9:03 AM, Chris Brown wrote:
I use the Netwitness NextGen platform, www.netwitness.com; this provides full packet capture for forensic analysis and incident response. Excellent for detecting botnets and encrypted C&C channels, especially when combined with a threat feed.

Regards
Chris

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of saintarmin () hotmail com
Sent: 23 February 2009 16:13
To: focus-ids () securityfocus com
Subject: About detecting bots....

Hi

Well, I would very much like to ask your opinion this way... At this time I am very interested in how you can detect bots on your network. In the last month I implemented Bothunter on my network (you can see http://www.bothunter.net), but for me it still doesn't work very well. This tool hasn't found any bots in my network, while doing an analysis using NSM I found some of them. Well, do you use some technique, tools, or anything else to find bots in your network? I know this is a very new field of research, but maybe you know about something that can help in detecting this kind of malware.

Thanks for all.

Regards
Armin Garcia
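Raffael's point above is that an analyst should look at an aggregate picture of the log data rather than read it line by line. The script below is an added example, not code from any post in this thread or from SecViz or Bothunter: it rolls constructed connection-log lines up into the per-host, per-hour matrix and the heaviest source/destination edges that a heatmap or link graph would be drawn from, renders the matrix as an ASCII heatmap, and flags hosts that connect round the clock. The log line format, the sample traffic and the "active in nearly every hour" heuristic are all assumptions made for the illustration.

```python
"""Aggregate connection-log lines into the matrices a heatmap or link graph is
drawn from, so the analyst scans a grid instead of raw text.

Added example for the thread above. The log format below and the round-the-clock
activity heuristic are assumptions, not anything the posters described.
"""
import re
from collections import Counter, defaultdict

# Assumed log format (not from any real product):
#   "<ISO timestamp> <src ip> -> <dst ip>:<dst port>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2})\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s*$"
)


def build_sample_log():
    """Constructed sample, not captured traffic: one host checks in with a
    single IRC-port destination every hour of the day; a second host talks to
    a few web servers during working hours only; one line is malformed."""
    lines = [f"2009-02-23T{h:02d}:05:00 10.0.0.5 -> 198.51.100.7:6667"
             for h in range(24)]
    web = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for h in range(9, 18):
        for i, dst in enumerate(web):
            lines.append(f"2009-02-23T{h:02d}:{10 * i:02d}:00 10.0.0.9 -> {dst}:80")
    lines.append("this line is garbage and must be skipped by the parser")
    return "\n".join(lines)


def parse_log(text):
    """Return one record per well-formed line; malformed lines are dropped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({"hour": int(m["hour"]), "src": m["src"],
                        "dst": m["dst"], "port": int(m["port"])})
    return records


def hourly_matrix(records):
    """Map each source IP to 24 connection counts, one per hour of day."""
    matrix = defaultdict(lambda: [0] * 24)
    for r in records:
        matrix[r["src"]][r["hour"]] += 1
    return dict(matrix)


def top_edges(records, n=5):
    """Most frequent (src, dst, port) triples: the heaviest link-graph edges."""
    return Counter((r["src"], r["dst"], r["port"]) for r in records).most_common(n)


def hosts_active_in_hours(matrix, min_hours=20):
    """Heuristic (an assumption of this example): a host with connections in
    nearly every hour of the day, off-hours included, is more likely to be
    automated than driven by a person at a keyboard."""
    return sorted(src for src, row in matrix.items()
                  if sum(1 for c in row if c) >= min_hours)


RAMP = " .:-=+*#%@"  # darker glyph = more connections in that hour


def render_heatmap(matrix):
    """ASCII heatmap: one row per source host, one column per hour (0-23)."""
    peak = max((c for row in matrix.values() for c in row), default=1) or 1
    header = "source host       " + "".join(str(h % 10) for h in range(24))
    rows = [header]
    for src in sorted(matrix):
        cells = "".join(RAMP[min(len(RAMP) - 1, c * (len(RAMP) - 1) // peak)]
                        for c in matrix[src])
        rows.append(f"{src:<18}{cells}")
    return "\n".join(rows)


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    mat = hourly_matrix(recs)
    print(render_heatmap(mat))
    print("heaviest edges:", top_edges(recs, 3))
    print("round-the-clock hosts:", hosts_active_in_hours(mat))
```

In the rendered grid the working-hours browser shows up as a short dark band and the hourly check-in as a faint but unbroken row across all 24 columns, which is exactly the pattern that is tedious to spot when paging through the raw lines. On real data, feed the same matrices to a plotting library or to one of the SecViz tools instead of the ASCII ramp.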
Current thread:
- About detecting bots.... saintarmin (Feb 23)
- RE: About detecting bots.... Richard Golodner (Feb 23)
- RE: About detecting bots.... Chris Brown (Feb 23)
- Re: About detecting bots.... Raffael Marty (Feb 24)
- Re: About detecting bots.... Mac Rosel (Feb 25)
- Re: About detecting bots.... Raffael Marty (Feb 24)
- <Possible follow-ups>
- Re: RE: About detecting bots.... saintarmin (Feb 25)
- RE: RE: About detecting bots.... Chris Brown (Feb 25)