IDS mailing list archives
Re: About detecting bots....
From: Mac Rosel <mroz () ksu edu>
Date: Tue, 24 Feb 2009 14:07:29 -0600
Have you tried simple nmap scans? A SYN and version detection may reveal connections on uncommon ports typical of bots. Or, there are custom script scans designed specifically for this purpose, like smtp-open-relay.

Mac

Quoting Raffael Marty <rmarty () splunk com>:
> In order to cut down your time of going through textual logs, I recommend using some kind of visualization to analyze the log data that you capture. There are a number of people, especially ones part of the Honeynet Alliance, that have done botnet visualization work. I am working with some of them to come up with some better methods also. To get some ideas, visit SecViz: http://secviz.org
>
> Raffael
>
> --
> Raffael Marty @zrlram
> Chief Security Strategist @ Splunk>
> Security Visualization: http://secviz.org
> raffy.ch/blog
>
> On Feb 23, 2009, at 9:03 AM, Chris Brown wrote:
>
>> I use the Netwitness NextGen platform, www.netwitness.com; this provides full packet capture for forensic analysis and incident response. Excellent for detecting botnets and encrypted C&C channels, especially when combined with a threat feed.
>>
>> Regards
>> Chris
>>
>> -----Original Message-----
>> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of saintarmin () hotmail com
>> Sent: 23 February 2009 16:13
>> To: focus-ids () securityfocus com
>> Subject: About detecting bots....
>>
>> Hi
>>
>> Well, I like so much to ask your opinion this way... At this time, I'm very interested in how you can detect bots on your network. In the last month I implemented BotHunter on my network (you can see http://www.bothunter.net), but for me it still doesn't work very well. This tool hasn't found any bot in my network, and doing an analysis using NSM I found some of them. Well, do you use some technique, tools, or anything else to find some bots in your network? I know this is a very new field of research, but maybe you know about something that can help detecting this kind of malware.
>>
>> Thanks for all.
>>
>> Regards
>> Armin Garcia
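As an added illustration of the SYN/version-scan suggestion at the top of this message (example code, not from any list participant): the script below parses an nmap `-oX` report and lists open ports that are not in a per-host baseline of expected services, which is how such a scan surfaces the "uncommon port" listeners mentioned. The nmap XML sample and the `EXPECTED` baseline are constructed for the example; the element layout follows nmap's real XML output.

```python
import xml.etree.ElementTree as ET

# Constructed nmap -oX fragment (same element layout as real `nmap -sS -sV -oX`):
# a host exposing an expected web server plus two unexpected listeners.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" method="probed"/>
      </port>
      <port protocol="tcp" portid="6667">
        <state state="open" reason="syn-ack"/>
        <service name="irc" method="probed"/>
      </port>
      <port protocol="tcp" portid="31337">
        <state state="open" reason="syn-ack"/>
        <service name="unknown" method="table"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Baseline of what each host should expose: host -> {(proto, port)}.
# Constructed for the example; in practice it comes from an asset inventory.
EXPECTED = {"192.0.2.10": {("tcp", 80), ("tcp", 443)}}


def unexpected_open_ports(nmap_xml, expected):
    """Return [(host, proto, port, service)] for open ports not in the baseline."""
    findings = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            # Only 'open' counts: closed/filtered ports are not listeners.
            if port.find("state").get("state") != "open":
                continue
            key = (port.get("protocol"), int(port.get("portid")))
            if key in expected.get(addr, set()):
                continue  # known, inventoried service
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            findings.append((addr, key[0], key[1], name))
    return findings
```

Each finding is a listener to review by hand (banner, owning process, outbound connections), since an unexpected port alone does not prove a compromise.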