Snort mailing list archives

Malware detection with Snort


From: Daniel Calvo Castro <daniel.calvo () kernelsecurity es>
Date: Mon, 25 Nov 2013 18:50:00 +0100

Hi list,

I'm new to network forensics and I'm wondering what would be the best
approach in order to detect possible malware which is attacking a famous
online site from inside my organization on port 25, as far as I know. This
is what I thought in the first instance:

 - Take Core? switch, configure port mirroring and start sniffing with
Snort, filtering by the IP address of the online site being attacked, and store
the bunch of data for further analysis and reporting.

Are there some further measures / resources / tools / open source projects
or experience that would help me to detect the compromised system? I'm
reading Malware Analysis Cookbook and getting some cool ideas.

Any help would be appreciated

Thanks in advance!
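The approach described in the post (mirror the core switch, run Snort against the mirrored traffic, filter on the attacked site's address and port 25, then work out which internal host is the source) can be carried through with a single Snort rule plus a small script over the resulting alert log. The example below is an added illustration and is not code from the poster or from the Snort project. It assumes a hypothetical site address `203.0.113.10`, a hypothetical SID `1000001`, and constructed `alert_fast`-style log lines; it builds the rule and capture filter, parses the alerts, and ranks internal source hosts by how many outbound SMTP connections they made to the monitored site.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of Snort's alert_fast output.
# These are illustrative only, not real captures; 203.0.113.10 and
# 198.51.100.4 are documentation addresses standing in for "the site".
SAMPLE_ALERTS = """\
11/25-18:50:00.100000  [**] [1:1000001:1] Outbound SMTP to monitored site [**] [Priority: 2] {TCP} 10.0.0.5:51234 -> 203.0.113.10:25
11/25-18:50:01.200000  [**] [1:1000001:1] Outbound SMTP to monitored site [**] [Priority: 2] {TCP} 10.0.0.5:51235 -> 203.0.113.10:25
11/25-18:50:02.300000  [**] [1:1000001:1] Outbound SMTP to monitored site [**] [Priority: 2] {TCP} 10.0.0.7:40001 -> 203.0.113.10:25
11/25-18:50:03.400000  [**] [1:1000001:1] Outbound SMTP to monitored site [**] [Priority: 2] {TCP} 10.0.0.5:51236 -> 203.0.113.10:25
11/25-18:50:04.500000  [**] [1:2000001:1] Some other rule [**] [Priority: 3] {TCP} 10.0.0.9:33333 -> 198.51.100.4:25
"""

# Matches the "[gid:sid:rev] msg [**] ... {PROTO} src:sport -> dst:dport" part
# of an alert_fast line.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def build_rule(site_ip, sid=1000001, port=25):
    """Snort rule that fires on an established outbound SMTP connection
    from the internal network ($HOME_NET) to the monitored site.
    The SID is a hypothetical local-rule number (local rules use >= 1000000)."""
    return (
        f'alert tcp $HOME_NET any -> {site_ip} {port} '
        f'(msg:"Outbound SMTP to monitored site"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def bpf_filter(site_ip, port=25):
    """BPF expression for the sniffer on the mirror port, so only traffic
    destined for the site on port 25 is captured and stored for later analysis."""
    return f"dst host {site_ip} and tcp dst port {port}"


def parse_alerts(text):
    """Parse alert_fast lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            alerts.append(rec)
    return alerts


def top_sources(alerts, site_ip, port=25):
    """Count internal source hosts talking to site_ip:port, most active first.
    The host at the top of this list is the first candidate for the
    compromised system."""
    counts = Counter(
        a["src"] for a in alerts if a["dst"] == site_ip and a["dport"] == port
    )
    return counts.most_common()


if __name__ == "__main__":
    print(build_rule("203.0.113.10"))
    print(bpf_filter("203.0.113.10"))
    for src, n in top_sources(parse_alerts(SAMPLE_ALERTS), "203.0.113.10"):
        print(f"{src:15} {n} connection(s) to 203.0.113.10:25")
```

The rule goes in a local rules file (`local.rules`) and the BPF expression is what you would hand to Snort or tcpdump on the mirror interface so that only the relevant traffic is written to disk. Ranking sources from the alert log, rather than eyeballing packets, is what narrows a whole mirrored segment down to one or two internal hosts to investigate.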