IDS mailing list archives

RE: About detecting bots....


From: "Richard Golodner" <rgolodner () infratection com>
Date: Mon, 23 Feb 2009 10:56:31 -0600

        Armin Garcia asked today:

Well, do you use some technique, tools, or anything else to find some bots
in your network? I know this is a very new field of research, but maybe you
know about something that can help detect this kind of malware.

        Armin, look at your logs for strange behavior on hosts under your
control. Do you see machines rebooting or trying to send mail out? Collect a
baseline traffic analysis of the general noise of your network by using
Wireshark, and continue to sample the data streams until you either see some
odd behavior or you feel pretty confident your nets are clean.
        What you need to do if you find an offending machine is isolate it
from the network and capture packets as it tries to communicate with its
owner.
        There are many experts when it comes to this topic; these are just a
few of my initial impressions.
        Sincerely, Richard
