Snort mailing list archives

Re: Check network for system broadcasts...


From: David Glosser <david_glosser () yahoo com>
Date: Fri, 13 Oct 2006 14:07:55 -0700 (PDT)

- Ask users to leave their machines on one evening.
Check the firewall logs for traffic between, say,
2:00am and 4:00am.  Any desktop with internet traffic
at that time may well have spyware checking in.

- Run Snort with the bleedingsnort
(bleedingthreats.com) malware and antivirus rules.

- Load your local DNS server with domains associated
with spyware to loopback or redirect to a local Apache
web server. Then examine the server logs for hits.
An example:
http://www.bleedingthreats.com/blackhole-dns/






--- Akashdeep Bhardwaj <bhrdwh () yahoo com> wrote:

Hi,
  I am looking for a low cost, simple implementation
for 250 systems with different OS (all types of
microsoft, linux, unix, solaris, mac...) connected
via L2 and L3 Cisco and 3com switches (most of these
switches are SNMP) having 5 VLANs to - 
  1. Detect if a port on particular switch (read
machine) broadcasts more than a threshold that I
define, to detect virus/spyware broadcasts.
  2. Detect Spyware & Malware on the network.
   
  Any help is appreciated.
   
  Thanks in advance,
   
  Akash
  Bhrdwh () yahoo com 
   

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users
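
The first suggestion in the reply above (checking firewall logs for desktop traffic between 2:00am and 4:00am), as an added example that is not part of the original post. The log line format, the internal network range and the function name are assumptions made for illustration, and the sample log is constructed; adapt the regex to your firewall's syntax.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, time

# Assumed (constructed) log format, not that of any particular firewall.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)

# Constructed sample data (documentation and private address ranges only).
SAMPLE_LOG = """\
2006-10-13 23:58:10 ACCEPT SRC=192.168.10.21 DST=203.0.113.5 DPT=80
2006-10-14 02:00:00 ACCEPT SRC=192.168.10.21 DST=198.51.100.7 DPT=80
2006-10-14 02:17:42 ACCEPT SRC=192.168.10.21 DST=198.51.100.7 DPT=80
2006-10-14 02:30:05 ACCEPT SRC=192.168.20.40 DST=192.168.10.5 DPT=445
2006-10-14 03:05:11 DROP SRC=192.168.30.9 DST=203.0.113.99 DPT=6667
2006-10-14 03:59:59 ACCEPT SRC=203.0.113.50 DST=192.168.10.5 DPT=25
2006-10-14 04:00:00 ACCEPT SRC=192.168.20.40 DST=203.0.113.5 DPT=443
garbage line that does not parse
"""

def overnight_talkers(log_text, internal_net="192.168.0.0/16",
                      start=time(2, 0), end=time(4, 0)):
    """Return {internal_src: {(dst, port): count}} for outbound traffic
    whose time of day satisfies start <= t < end. Bad lines are skipped."""
    net = ipaddress.ip_network(internal_net)
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if not (start <= ts.time() < end):
            continue
        # Outbound only: internal source, external destination. Blocked
        # (DROP) attempts are counted too, since they still show a check-in.
        if src in net and dst not in net:
            hits[str(src)][(str(dst), int(m["dpt"]))] += 1
    return {host: dict(dests) for host, dests in hits.items()}

if __name__ == "__main__":
    for host, dests in sorted(overnight_talkers(SAMPLE_LOG).items()):
        print(host, dests)
```

Hosts that repeat the same destination and port night after night are the ones to examine first; legitimate scheduled updaters will also appear and need to be whitelisted by destination.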

