IDS mailing list archives

RE: RE: About detecting bots....


From: "Chris Brown" <chris () get-tuf com>
Date: Wed, 25 Feb 2009 17:08:17 -0000

It's not open source but it is FREE,
http://download.netwitness.com/download.php?src=DIRECT (limited to 1 GB
captures), but sniff your egress traffic and you will spot outbound botnet
connections very quickly; you may also see some other surprising traffic ;-)


Chris

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of saintarmin () hotmail com
Sent: 24 February 2009 22:10
To: focus-ids () securityfocus com
Subject: Re: RE: About detecting bots....

Hi everybody

thanks so much for your replies on this post.

Well, let's see...

I prefer to work with open source tools, because I like doing research
and trying to create or upgrade tools.

I use rules from Emerging Threats on my Snort sensors...
I also use honeypots and darknets to try to find other bots on my network.

In a past post some guy suggested using BotHunter, and last month I implemented
it on two sensors, but as of today BotHunter can't create any profile of some bot;
I mean BotHunter doesn't find any bot on my network :s To me it doesn't work very
well.

For example, I also use Argus to find more bots (you can check this link, it's
very interesting: http://www.rawpacket.org/papers/geek00ls-junk )

And the object of this post was to learn about other tools that help in the
task of finding botnets.

I know this field is very new, but maybe someone uses "x" technique on your
network and could show us, so we can attempt to use it on our networks.


Mac Rosel, thanks for your tip :D.

Thanks everybody for replying to this post, and if you have some material to contribute
please show us...

PS

Kyle Rosenthal, I can't see your link.
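Turning Chris's suggestion to watch egress traffic, and the Argus flow-based approach mentioned above, into a concrete check: the script below is an added example (not code from anyone on this thread or from NetWitness/Argus) that reads constructed Argus-style flow records and flags internal hosts that contact one external destination at regular intervals, the check-in pattern bot-infected hosts tend to show. The 10.0.0.0/8 internal range, the record layout and the thresholds are assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed egress flow records in an Argus "ra"-like layout:
# (start_seconds, src_ip, dst_ip, dst_port). Made up for this example.
SAMPLE_FLOWS = [
    (0,    "10.1.1.20", "198.51.100.7", 443),   # every ~600 s: suspicious
    (600,  "10.1.1.20", "198.51.100.7", 443),
    (1199, "10.1.1.20", "198.51.100.7", 443),
    (1801, "10.1.1.20", "198.51.100.7", 443),
    (2400, "10.1.1.20", "198.51.100.7", 443),
    (5,    "10.1.1.31", "203.0.113.9", 80),     # irregular: normal browsing
    (50,   "10.1.1.31", "203.0.113.9", 80),
    (900,  "10.1.1.31", "203.0.113.9", 80),
    (950,  "10.1.1.31", "203.0.113.9", 80),
    (3000, "10.1.1.31", "203.0.113.9", 80),
    (10,   "10.1.1.40", "10.1.1.5", 445),       # internal-only: ignored
    (610,  "10.1.1.40", "10.1.1.5", 445),
    (1210, "10.1.1.40", "10.1.1.5", 445),
    (1810, "10.1.1.40", "10.1.1.5", 445),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def find_beacons(flows, min_conns=4, max_cv=0.1):
    """Return [(src, dst, dport, mean_interval_s)] for internal->external
    flow groups whose inter-connection gaps are regular enough (low
    coefficient of variation) to look like automated check-ins."""
    groups = defaultdict(list)
    for start, src, dst, dport in flows:
        if (ipaddress.ip_address(src) in INTERNAL
                and ipaddress.ip_address(dst) not in INTERNAL):
            groups[(src, dst, dport)].append(start)
    hits = []
    for key, starts in groups.items():
        if len(starts) < min_conns:
            continue
        starts.sort()
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((*key, round(mean)))
    return hits


if __name__ == "__main__":
    for src, dst, dport, interval in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport} every ~{interval}s")
```

Any host it reports is a lead to check, not a verdict: legitimate software updaters and monitoring agents beacon too, so correlate with the Snort/Emerging Threats alerts and darknet data already in place.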
