IDS mailing list archives
Re: detecting network crowd surges
From: Jose Nazario <jose () monkey org>
Date: Tue, 8 Aug 2006 13:11:21 -0400 (EDT)
On Tue, 8 Aug 2006, mikeiscool wrote:
I wonder, though, is this how real botnets are controlled?
based on our measurements and observations, IRC is the dominant method for botnet control at this time. but HTTP methods, similar to the ones you described, are coming on in popularity. poll frequencies range from 5 seconds to 1 hour or more.
________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html http://www.wormblog.com/ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- detecting network crowd surges Ron Gula (Aug 04)
- Re: detecting network crowd surges mikeiscool (Aug 08)
- Re: detecting network crowd surges Jose Nazario (Aug 11)
- RE: detecting network crowd surges Craig Chamberlain (Aug 30)
- Re: detecting network crowd surges Jose Nazario (Aug 11)
- <Possible follow-ups>
- Re: detecting network crowd surges rgula () tenablesecurity com (Aug 08)
- Re: detecting network crowd surges mikeiscool (Aug 08)