Snort mailing list archives

Re: was--Matt Jonkman in the new Hakin9--now detecting infections


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Thu, 3 Feb 2011 12:26:08 -0700

"If Joe Clueless clicks on enough bad things"

I often see this sort of comment from security folks, but unfortunately with the threats on the web today, it's very 
difficult for Joe Clueless to identify "bad things".  Search results are poisoned (and a lot of very obscure stuff as 
well, not just current events), legitimate sites are compromised, syndicated ads are malicious, etc.


-----Original Message-----
From: John York [mailto:YorkJ () brcc edu] 
Sent: Thursday, February 03, 2011 6:43 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] was--Matt Jonkman in the new Hakin9--now detecting infections

I agree wholeheartedly.  My biggest concern is getting to the infected machines ASAP, so that's what I *really* want 
alerts on.  The IPS, firewall, AV, web filter, no admin rights for users, etc all do what they can to prevent 
compromises.  If Joe Clueless clicks on enough bad things, one of them will get him eventually and the trick is to get 
the computer isolated immediately.

BotHunter is a Snort-based system for detecting infections.  I've wanted to test it but have never had time.  Has 
anyone had good results with it?  (I know I'm OT, but it is Snort based--maybe only one drink ;-)

Thanks
John

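The thread's point is alerting on the infected machine rather than on each blocked click. The script below is an added example (not BotHunter's code and not part of the original thread) of the kind of host-centric correlation such a system does: it reads Snort fast-mode alert lines, keeps only outbound alerts from internal hosts, and flags any host that triggers two or more distinct signatures within a short window. The internal range, the window, the threshold, the SIDs and the alert lines are all constructed assumptions.

```python
"""Correlate Snort fast-mode alerts per internal host to surface likely
infections.  Added example; assumes the fast alert format shown in the
constructed sample below, a 10.0.0.0/8 internal range and local SIDs."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site's internal range
WINDOW_SECONDS = 600      # assumption: two signatures within 10 minutes is suspicious
MIN_DISTINCT_SIGS = 2

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Constructed sample alerts; SIDs 1000001-1000003 are placeholders in the local-rule range.
SAMPLE_ALERTS = [
    "02/03-09:00:10.000001  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 1] {TCP} 10.0.0.5:51234 -> 203.0.113.10:443",
    "02/03-09:04:30.000001  [**] [1:1000002:1] CONSTRUCTED executable download [**] [Priority: 1] {TCP} 10.0.0.5:51240 -> 198.51.100.7:80",
    "02/03-09:01:00.000001  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 1] {TCP} 10.0.0.9:40001 -> 203.0.113.10:443",
    "02/03-09:02:00.000001  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 1] {TCP} 10.0.0.9:40002 -> 203.0.113.10:443",
    "02/03-08:00:00.000001  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 1] {TCP} 10.0.0.12:40003 -> 203.0.113.10:443",
    "02/03-09:30:00.000001  [**] [1:1000002:1] CONSTRUCTED executable download [**] [Priority: 1] {TCP} 10.0.0.12:40004 -> 198.51.100.7:80",
    "02/03-09:05:00.000001  [**] [1:1000003:1] CONSTRUCTED inbound scan [**] [Priority: 2] {TCP} 192.0.2.4:55555 -> 10.0.0.5:22",
    "this line is not a snort alert and must be skipped",
]


def parse_alert(line):
    """Return a dict for one fast-mode alert line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f"),  # no year in fast format
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
    }


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def correlate(lines, window=WINDOW_SECONDS, min_sigs=MIN_DISTINCT_SIGS):
    """Map internal host -> sorted SIDs for hosts that fired >= min_sigs distinct
    outbound signatures within `window` seconds (the hosts to isolate first)."""
    by_host = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        # Keep only internal -> external traffic: inbound noise says little about infection.
        if a is None or not is_internal(a["src"]) or is_internal(a["dst"]):
            continue
        by_host[str(a["src"])].append((a["ts"], a["sid"]))

    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until every event fits inside it.
            while (ts - events[start][0]).total_seconds() > window:
                start += 1
            sids = {sid for _, sid in events[start:end + 1]}
            if len(sids) >= min_sigs:
                flagged[host] = sorted(set(flagged.get(host, [])) | sids)
    return flagged


if __name__ == "__main__":
    for host, sids in correlate(SAMPLE_ALERTS).items():
        print(f"isolate {host}: distinct signatures {sids}")
```

Repeated hits on a single signature (10.0.0.9) and two signatures far apart in time (10.0.0.12) are deliberately not flagged; the threshold and window are the knobs to tune against your own alert volume.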