To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Yaniv Kaul wrote:
> My company has developed a defense for our firewall and IPS that looks
> for IRC protocol traffic, regardless of the port.
> While not perfect, it provides good detection of IRC-based bots.
> A related feature, to detect SSL on non-standard ports, also helps with
> SSL encrypted IRC connections (but I don't know if bots actually use
> SSL'ed IRC connections).
I let this email through because I know Yaniv, and I know he didn't try
to do a commercial injection.
These filters work to a level, but I believe what's required here is
some insight as to how to detect botnets on a network, as well as get
the C&C data from samples.
Any takers?
What are your tricks? What tools do you use?
Gadi.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
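
The port-independent IRC check and the SSL-on-non-standard-port check described in the quoted message can be sketched as follows. This is an added example, not part of the original thread and not the vendor's implementation; the function names, the `EXPECTED_TLS_PORTS` set and the sample payloads are assumptions constructed for illustration.

```python
import re

# One IRC message (RFC 1459 framing): optional ":prefix ", a command or
# three-digit numeric, optional parameters, line terminator.
IRC_LINE = re.compile(
    rb"(?::\S+ )?(?:PASS|NICK|USER|JOIN|PRIVMSG|NOTICE|MODE|PING|PONG|\d{3})"
    rb"(?: [^\r\n]*)?\r?\n"
)

# Assumption: ports where this site expects TLS; adjust to local policy.
EXPECTED_TLS_PORTS = {443, 465, 636, 993, 995, 8443}


def looks_like_irc(payload: bytes, min_lines: int = 2) -> bool:
    """True when the stream starts with at least min_lines valid IRC messages.

    Requiring two consecutive messages (e.g. NICK then USER) keeps a single
    coincidental keyword in another protocol from triggering a match.
    """
    pos = count = 0
    while pos < len(payload):
        m = IRC_LINE.match(payload, pos)
        if not m:
            break
        count, pos = count + 1, m.end()
    return count >= min_lines


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True for a TLS record header (type 0x16, version 3.x) carrying a ClientHello."""
    if len(payload) < 6:
        return False
    record_len = int.from_bytes(payload[3:5], "big")
    return (payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04
            and 0 < record_len <= 16384 and payload[5] == 0x01)


def classify(dst_port: int, payload: bytes) -> str:
    """Label the first client-to-server bytes of a TCP stream, ignoring port for IRC."""
    if looks_like_irc(payload):
        return "irc"
    if looks_like_tls_client_hello(payload) and dst_port not in EXPECTED_TLS_PORTS:
        return "tls-on-unexpected-port"
    return "other"


if __name__ == "__main__":
    # Constructed sample payloads (not captured traffic).
    samples = [
        (8080, b"NICK xk29d\r\nUSER xk29d 0 * :xk29d\r\n"),
        (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        (9999, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ]
    for port, data in samples:
        print(port, classify(port, data))
```

A TLS hit on an unexpected port only says the session is encrypted, not that it carries IRC, so it is a lead for follow-up rather than a verdict.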