Snort mailing list archives
Re: botnets
From: Livio Ricciulli <livio () metaflows com>
Date: Fri, 22 Mar 2013 12:16:53 -0700
Just to clarify, BotHunter is not a honeypot; it is a real-time correlator that finds infected hosts. It compares Snort IDS alerts from multiple sessions and combines them to find typical infection patterns. We run it on every sensor because its infection reports have extremely low false positives. It does generate tcpslices of the infections, which could be used to create test pcaps; but one would still need to set up a honeypot to attract malicious activity.

Livio.

On 03/22/2013 08:20 AM, Joel Esler wrote:
On Mar 22, 2013, at 11:06 AM, John York <YorkJ () brcc edu> wrote:

BotHunter at www.bothunter.net is designed for this. It's been a while since I looked, but I believe it is based on Snort.

Yes, it runs on Snort, an older version of it, but for the purpose they are using it for, it should be fine.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics. Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
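The cross-session correlation Livio describes above, as an added example written for this page (it is not BotHunter's code, rule set or dialog model): it parses constructed Snort fast-format alert lines, attributes each alert to the internal host on the HOME_NET side, tags it with one of four assumed phases (E1 inbound scan, E2 inbound exploit, E3 egg download, E4 outbound C&C, keyed on the alert message text), and declares a host infected only when two distinct phases, at least one of them outbound, appear within a time window. The alert lines, signature IDs, HOME_NET, phase keywords and the two-phase rule are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# Constructed sample alerts in Snort "fast" alert format (made up for this
# example; signature IDs, hosts and messages are not real).
SAMPLE_ALERTS = """\
03/22-08:01:10.000000 [**] [1:1000001:1] SCAN inbound SMB probe [**] [Priority: 3] {TCP} 198.51.100.9:4444 -> 10.0.0.5:445
03/22-08:01:12.000000 [**] [1:1000002:1] EXPLOIT inbound SMB overflow attempt [**] [Priority: 1] {TCP} 198.51.100.9:4445 -> 10.0.0.5:445
03/22-08:01:40.000000 [**] [1:1000003:1] MALWARE egg download of executable over HTTP [**] [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.7:80
03/22-08:02:05.000000 [**] [1:1000004:1] MALWARE outbound IRC C&C channel join [**] [Priority: 1] {TCP} 10.0.0.5:49153 -> 203.0.113.8:6667
03/22-08:03:00.000000 [**] [1:1000001:1] SCAN inbound SMB probe [**] [Priority: 3] {TCP} 198.51.100.9:4446 -> 10.0.0.6:445
03/22-09:15:00.000000 [**] [1:1000003:1] MALWARE egg download of executable over HTTP [**] [Priority: 1] {TCP} 10.0.0.7:49200 -> 203.0.113.9:80
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r".*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed, simplified dialog phases keyed on alert message text. This is an
# illustration only, not BotHunter's actual dialog model or rule set.
PHASE_RULES = (
    ("E1", lambda m: m.startswith("SCAN")),          # inbound scan
    ("E2", lambda m: m.startswith("EXPLOIT")),       # inbound exploit
    ("E3", lambda m: "egg download" in m.lower()),   # outbound payload fetch
    ("E4", lambda m: "c&c" in m.lower()),            # outbound C&C
)
OUTBOUND_PHASES = {"E3", "E4"}


class Event(NamedTuple):
    ts: datetime
    host: str   # internal host the alert is attributed to
    phase: str
    sid: str
    msg: str


def classify(msg: str) -> Optional[str]:
    for phase, pred in PHASE_RULES:
        if pred(msg):
            return phase
    return None


def parse_alert(line: str, home_net) -> Optional[Event]:
    """Parse one fast-format alert and attribute it to an internal host."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    phase = classify(m["msg"])
    if phase is None:
        return None
    src, dst = ip_address(m["src"]), ip_address(m["dst"])
    # Inbound alerts point at the destination, outbound ones at the source;
    # purely internal or purely external sessions are ignored.
    if src in home_net and dst not in home_net:
        host = src
    elif dst in home_net and src not in home_net:
        host = dst
    else:
        return None
    # Snort's fast format carries no year; strptime defaults to 1900, which
    # is fine for computing deltas within one capture.
    ts = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f")
    return Event(ts, str(host), phase, m["sid"], m["msg"])


def correlate(lines, home_net="10.0.0.0/8", window_seconds=600):
    """Return {host: verdict} for hosts whose alerts, taken together within
    the window, show at least two distinct phases including an outbound one.
    A single scan or a single download on its own is never enough."""
    net = ip_network(home_net)
    window = timedelta(seconds=window_seconds)
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_alert(line, net)
        if ev is not None:
            by_host[ev.host].append(ev)

    verdicts = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        for i, ev in enumerate(events):
            recent = [e for e in events[: i + 1] if ev.ts - e.ts <= window]
            phases = {e.phase for e in recent}
            if len(phases) >= 2 and phases & OUTBOUND_PHASES:
                verdicts[host] = {
                    "declared_at": ev.ts,
                    "phases": sorted(phases),
                    "evidence_sids": [e.sid for e in recent],
                }
                break  # declare on the first corroborating evidence
    return verdicts


if __name__ == "__main__":
    for host, v in correlate(SAMPLE_ALERTS.splitlines()).items():
        when = v["declared_at"].strftime("%m/%d %H:%M:%S")
        print(f"{host}: infected, phases {v['phases']} by {when}, "
              f"evidence sids {v['evidence_sids']}")
```

Run against the sample, only 10.0.0.5 is reported: the lone scan against 10.0.0.6 and the lone download by 10.0.0.7 are left alone, which is where the low false-positive rate Livio mentions comes from: one alert is a signature match, two corroborating alerts across sessions are an infection. The timestamps of the evidence alerts also bound the slice one would cut out of a full-packet capture with tcpslice to build a test pcap.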
Current thread:
- botnets Pratik Narang (Mar 12)
- Re: botnets Pratik Narang (Mar 21)
- Re: botnets Livio Ricciulli (Mar 21)
- Re: botnets Pratik Narang (Mar 24)
- Re: botnets Gregory Pendergast (Mar 24)
- Re: botnets salawank (Mar 24)
- Re: botnets Livio Ricciulli (Mar 21)
- Re: botnets Pratik Narang (Mar 21)
- <Possible follow-ups>
- Re: botnets John York (Mar 22)
- Re: botnets Joel Esler (Mar 22)
- Re: botnets Livio Ricciulli (Mar 22)
- Re: botnets Joel Esler (Mar 22)