Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Zombie detection rules

From: Alberto Colosi <alcol () hotmail com>
Date: Thu, 16 Feb 2017 09:00:38 +0000
Hi another approach ............. are not firewalls ?


I can't believe all is open , zombie is a wide kind of possible activity and is not so easy as can be imagined.


firewalls and uncommon authorized port usage for example during the night but not only .............. . All other kind 
of traffic will be dropped by firewalls and this kind of log is important too.


a SIEM can perform this kind of check in automatic if not you'll have to create some scripts to inspect log files.



Alberto Colosi

IT Security & NetWork



________________________________
From: Paul Li <paul () scybersecurity com>
Sent: Thursday, February 16, 2017 5:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Zombie detection rules

Is there any snort rule for zombies detection: to detect if the devices snort is monitoring are used as zombies. Or 
some rules that can detect large outgress traffic from a monitored device would also work.

Thanks,
Paul

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: