Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Newbie: Bot Detection Rule

From: George Yobst <george () lincc lib or us>
Date: Thu, 21 Jun 2001 09:50:51 -0700 (PDT)

Hi all,
I was just reading this article about how Gibson Research
was knocked off the net ( http://grc.com/dos/grcdos.htm ).
Near the end of the article was a section on detecting these
bots.  As a new snort user, I can probably RTM and create
some rules that create an alert for ports 6667 and 113,
but how do I test it?  -George
---------------------------------------------------------------------------
George Yobst, Library Technology Specialist     phone: 503.723.4890
Library Information Network of Clackamas County   fax: 503.794.8238
16239 SE McLoughlin Blvd, Suite 208         web: http://www.lincc.lib.or.us
Oak Grove, OR 97267-4654                  email: george () lincc lib or us
"...it is impossible for anyone to begin to learn
 what he thinks he already knows."  - Epictetus


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: