Snort mailing list archives
Re: Newbie: Bot Detection Rule
From: Craig Woods <res06ztt () gte net>
Date: Thu, 21 Jun 2001 13:48:52 -0500
Hi George,

Because you did not say much about your setup, i.e. OS type, networked or stand alone server, or just a workstation using ppp, I thought I would toss in some added info. Hopefully you have filtered any ports you have listening on an internet interface. Snort, like any IDS, will report an attempted or a successful intrusion. Just make sure you are running some kind of firewall protection that prevents such intrusions.

Notwithstanding Gibson's perceived reputation (the point here is not about Steve Gibson's personality but it is about the principle of what a DDOS attack is all about), his account of the attack is worthy of being read and understood. A DDOS attack is "real", and should be considered in any attempts to secure your machine.

Just my two cents,

Craig Woods
UNIX SA

George Yobst wrote:
Hi all,

I was just reading this article about how Gibson Research was knocked off the net ( http://grc.com/dos/grcdos.htm ). Near the end of the article was a section on detecting these bots. As a new snort user, I can probably RTM and create some rules that create an alert for ports 6667 and 113, but how do I test it?

-George

---------------------------------------------------------------------------
George Yobst, Library Technology Specialist
Library Information Network of Clackamas County
16239 SE McLoughlin Blvd, Suite 208
Oak Grove, OR 97267-4654
phone: 503.723.4890
fax: 503.794.8238
web: http://www.lincc.lib.or.us
email: george () lincc lib or us

"...it is impossible for anyone to begin to learn what he thinks he already knows." - Epictetus

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Craig Woods (Jun 21)
- Re: Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Chris Green (Jun 21)
- Re: Newbie: Bot Detection Rule George Yobst (Jun 21)
- Re: Newbie: Bot Detection Rule Brian Caswell (Jun 21)
- Re: Newbie: Bot Detection Rule Vitaly Osipov (Jun 22)
- Re: Newbie: Bot Detection Rule Craig Woods (Jun 21)