Snort mailing list archives
Malware detection with Snort
From: Daniel Calvo Castro <daniel.calvo () kernelsecurity es>
Date: Mon, 25 Nov 2013 18:50:00 +0100
Hi list,

I'm new to network forensics and I'm wondering what would be the best approach in order to detect a possible malware which is attacking a famous online site from inside my organization on port 25. As far as I know, that is what I thought in the first instance:

- Take the Core? switch, configure port mirroring and start sniffing with Snort, filtering by the IP address of the online site being attacked, and store the bunch of data for further analysis and reporting.

Are there some further measures / resources / tools / open source projects or experience that would help me to detect the compromised system? I'm reading Malware Analysis Cookbook and getting some cool ideas.

Any help would be appreciated. Thanks in advance!
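One way to act on the port-mirroring plan in the post above, as an added example that is not part of the original message: a constructed Snort rule that flags any internal host opening an SMTP connection to the attacked site, and a small Python parser for the resulting alert_fast lines that ranks internal source addresses so the compromised host stands out. The site address 203.0.113.10, the SID and the alert lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed Snort rule (not from the original post) that would produce the
# alerts parsed below: alert on internal hosts opening SMTP to the attacked
# site. 203.0.113.10 is a documentation placeholder for the site's address.
SNORT_RULE = (
    'alert tcp $HOME_NET any -> 203.0.113.10 25 '
    '(msg:"LOCAL outbound SMTP to monitored site"; flags:S; sid:1000001; rev:1;)'
)

# alert_fast layout: timestamp [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port
FAST_ALERT = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$'
)

def parse_fast_alert(line):
    """Return the fields of one alert_fast line, or None if it is not an alert."""
    m = FAST_ALERT.match(line.strip())
    return m.groupdict() if m else None

def rank_internal_sources(lines, sid="1000001"):
    """Count alerts for `sid` per internal source address, busiest host first.

    Returns a list of (src_ip, alert_count, distinct_source_ports); many
    distinct source ports from one host means many separate connections."""
    counts = Counter()
    ports = defaultdict(set)
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is None or alert["sid"] != sid:
            continue
        counts[alert["src"]] += 1
        ports[alert["src"]].add(alert["sport"])
    return [(ip, n, len(ports[ip])) for ip, n in counts.most_common()]

# Constructed sample alerts: 10.0.0.5 is hammering the site, 10.0.0.9 made a
# single connection, and one unrelated alert (different SID) is mixed in.
SAMPLE_ALERTS = """\
11/25-18:50:01.000001  [**] [1:1000001:1] LOCAL outbound SMTP to monitored site [**] [Priority: 0] {TCP} 10.0.0.5:51234 -> 203.0.113.10:25
11/25-18:50:01.200000  [**] [1:1000001:1] LOCAL outbound SMTP to monitored site [**] [Priority: 0] {TCP} 10.0.0.5:51235 -> 203.0.113.10:25
11/25-18:50:01.400000  [**] [1:1000001:1] LOCAL outbound SMTP to monitored site [**] [Priority: 0] {TCP} 10.0.0.5:51236 -> 203.0.113.10:25
11/25-18:50:02.000000  [**] [1:1000001:1] LOCAL outbound SMTP to monitored site [**] [Priority: 0] {TCP} 10.0.0.9:40001 -> 203.0.113.10:25
11/25-18:50:03.000000  [**] [1:2000002:1] LOCAL unrelated alert [**] [Priority: 3] {TCP} 10.0.0.7:22222 -> 198.51.100.4:80
""".splitlines()

if __name__ == "__main__":
    for ip, n, distinct in rank_internal_sources(SAMPLE_ALERTS):
        print(f"{ip}: {n} alerts from {distinct} distinct source ports")
```

Running this against a real alert file (for example by reading /var/log/snort/alert line by line) gives the same ranking on live data from the mirrored port.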