Educause Security Discussion mailing list archives
Re: Botnet Detection
From: Stephen Gill <gillsr () CYMRU COM>
Date: Wed, 22 Aug 2007 16:10:00 -0700
Hi Jim,

Plenty! I _highly_ recommend you get involved here:

http://www.ren-isac.net/

I know of few better places to be for dealing with these sorts of issues in the .edu environment than involved in that group. There are a lot of people who can help get you up and running there very quickly with tested, proven methods for doing exactly what you are looking for.

Some items for you to consider along the way, if you haven't already, include:

- deploying netflow/sflow collection capabilities
- deploying sniffer capture capability
- deploying localized darknets and/or automated malware collectors
- tracking DNS query logs
- etc.

I've yet to see a silver bullet commercial appliance for battling botnets, and you won't win the war without a good mixture of tools and techniques. Unfortunately botnets are only the tip of the iceberg compared to other malware threats - they're just generally the most obvious :/.

Again, please do consider applying for membership to REN-ISAC if you meet the membership criteria. You can't beat the price of admission.

Cheers,
-- steve

From: Jones, Jim R [mailto:jonesj () ITS GONZAGA EDU]
Sent: Wednesday, August 22, 2007 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Botnet Detection

Does anyone have a utility or method of detecting botnet infections? This is becoming a serious problem that we have no way of tracking down at this point in time.

Any suggestions are appreciated!

Jim Jones
IT Security Manager
Gonzaga University
509.323.5926