Snort mailing list archives
Newbie: Bot Detection Rule
From: George Yobst <george () lincc lib or us>
Date: Thu, 21 Jun 2001 09:50:51 -0700 (PDT)
Hi all, I was just reading this article about how Gibson Research was knocked off the net ( http://grc.com/dos/grcdos.htm ). Near the end of the article was a section on detecting these bots. As a new snort user, I can probably RTM and create some rules that create an alert for ports 6667 and 113, but how do I test it? -George --------------------------------------------------------------------------- George Yobst, Library Technology Specialist phone: 503.723.4890 Library Information Network of Clackamas County fax: 503.794.8238 16239 SE McLoughlin Blvd, Suite 208 web: http://www.lincc.lib.or.us Oak Grove, OR 97267-4654 email: george () lincc lib or us "...it is impossible for anyone to begin to learn what he thinks he already knows." - Epictetus _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Craig Woods (Jun 21)
- Re: Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Chris Green (Jun 21)
- Re: Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Brian Caswell (Jun 21)
- Re: Newbie: Bot Detection Rule Vitaly Osipov (Jun 22)
- Re: Newbie: Bot Detection Rule Craig Woods (Jun 21)