IDS mailing list archives
Re: Spyware Master Hosts DB
From: Konstantin Khrooschev <nathoo () rtsnet ru>
Date: Sat, 02 Apr 2005 19:04:10 +0400
Harper, Patrick wrote:
Something like this? http://www.bleedingsnort.com/blackhole-dns/
Thanks for the great resource, but it isn't exactly what I mean. I am thinking about a special trusted DNS somewhere on the net doing a reverse lookup of every known "master" host IP to something like master1.gator.in-addr.spyware, for example.
A firewall log analyzer script can use it automatically to detect infection.
-----Original Message-----
From: Konstantin Khrooschev [mailto:nathoo () rtsnet ru]
Sent: Friday, April 01, 2005 1:55 AM
To: focus-ids () securityfocus com
Subject: Spyware Master Hosts DB

Hello all! Can anybody say something about the idea of a spyware owners' network database to use in network IDS? I mean, of course, not a DB of every infected computer on the net :-) but a database of "master" computer addresses, to which victims try to send information. I think it may be something like a DNS-based open relay DB.
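The lookup scheme discussed in this message, sketched as an added example that is not part of the original post or any project's code: a firewall log analyzer that builds DNSBL-style query names (octets reversed, zone appended) and flags internal hosts that contacted a listed "master". The zone name `spyware-masters.example`, the log format, and the zone data are constructed assumptions; a real deployment would pass a `resolve` function that performs the DNS query.

```python
import ipaddress
import re

# Hypothetical zone name; the thread does not name a real service.
ZONE = "spyware-masters.example"

# Constructed stand-in for the trusted DNS: query name -> label returned.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real hosts.
FAKE_ZONE_DATA = {
    "10.2.0.192." + ZONE: "master1.gator.in-addr.spyware",
    "7.100.51.198." + ZONE: "master2.gator.in-addr.spyware",
}

# Constructed iptables-style firewall log lines.
SAMPLE_LOG = """\
Apr  2 19:01:11 fw kernel: OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP DPT=80
Apr  2 19:01:12 fw kernel: OUT=eth0 SRC=10.0.0.22 DST=203.0.113.5 PROTO=TCP DPT=443
Apr  2 19:01:15 fw kernel: OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP DPT=80
Apr  2 19:02:40 fw kernel: OUT=eth0 SRC=10.0.0.30 DST=198.51.100.7 PROTO=TCP DPT=8080
Apr  2 19:03:02 fw kernel: OUT=eth0 SRC=10.0.0.30 DST=not-an-ip PROTO=TCP DPT=80
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+)")


def query_name(ip, zone=ZONE):
    """Build the DNSBL-style name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def find_infected(log_text, resolve=FAKE_ZONE_DATA.get):
    """Map each source host to the set of listed "master" labels it contacted.

    resolve(name) returns the listed label, or None when the name is unlisted.
    """
    hits, cache = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst = m.groups()
        try:
            name = query_name(dst)
        except ValueError:
            continue  # skip lines whose DST is not a valid IPv4 address
        if name not in cache:  # one lookup per destination, not per log line
            cache[name] = resolve(name)
        if cache[name]:
            hits.setdefault(src, set()).add(cache[name])
    return hits
```

Caching per destination keeps the query volume proportional to the number of distinct remote addresses rather than to the number of log lines.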