Snort mailing list archives
Re: was--Matt Jonkman in the new Hakin9--now detecting infections
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Thu, 3 Feb 2011 12:26:08 -0700
"If Joe Clueless clicks on enough bad things"

I often see this sort of comment from security folks, but unfortunately with the threats on the web today, it's very difficult for Joe Clueless to identify "bad things". Search results are poisoned (and a lot of very obscure stuff as well, not just current events), legitimate sites are compromised, syndicated ads are malicious, etc...

-----Original Message-----
From: John York [mailto:YorkJ () brcc edu]
Sent: Thursday, February 03, 2011 6:43 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] was--Matt Jonkman in the new Hakin9--now detecting infections

I agree wholeheartedly. My biggest concern is getting to the infected machines ASAP, so that's what I *really* want alerts on. The IPS, firewall, AV, web filter, no admin rights for users, etc. all do what they can to prevent compromises. If Joe Clueless clicks on enough bad things, one of them will get him eventually and the trick is to get the computer isolated immediately.

BotHunter is a Snort-based system for detecting infections. I've wanted to test it but have never had time. Has anyone had good results with it?

(I know I'm OT, but it is Snort based--maybe only one drink ;-)

Thanks
John