Snort mailing list archives
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack
From: babu dheen <babudheen () yahoo co in>
Date: Mon, 12 Dec 2011 15:08:18 +0530 (IST)
Dear Jason, If a client is not using proxy in its browser, DNS request will not go to proxy at all. So installing snort in proxy will not help on this. Can you suggest me more about this attack.. This attack says DNS query contains botnet CNC request only. Regards BABU --- On Mon, 12/12/11, Jason Haar <Jason_Haar () trimble com> wrote: From: Jason Haar <Jason_Haar () trimble com> Subject: Re: [Snort-users] Need help to detect BOTNET-CNC Palevo bot DNSattack To: snort-users () lists sourceforge net Date: Monday, 12 December, 2011, 2:32 PM That's the problem with "proxy" services - like DNS. You end up wishing you had snort installed on almost every server :-/ (we install snort on our proxies for this reason ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen (Dec 11)
- Re: Need help to detect BOTNET-CNC Palevo bot DNS attack James Lay (Dec 11)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Jason Haar (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack babu dheen (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Martin Holste (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack babu dheen (Dec 13)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Martin Holste (Dec 13)
- Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Jason Haar (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNS attack James Lay (Dec 11)
- Re: Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen (Dec 12)
- Re: Need help to detect BOTNET-CNC Palevo bot DNS attack Kevin Ross (Dec 12)