To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

On Sat, 4 Mar 2006, Gadi Evron wrote:

> These filters work to a level.. but I believe what's required here is
> some insight as to how to detect botnets on a network, as well as get
> the C&C data from samples.

detecting crypto where you don't expect it: marius eriksen's netics with
the appropriate pcap filters.

follow the sample: IDA Pro, look for a JOIN, trace to/from there.

> What are your tricks? What tools do you use?

if you have a big network view, one of the things we do is watch for all
non-well known IRC server usage on common IRC ports. hand investigation
then. works pretty well, actually.

________
jose nazario, ph.d.                     [EMAIL PROTECTED]
http://monkey.org/~jose/
http://infosecdaily.net/
http://www.wormblog.com/

_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
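The two network-side heuristics in the reply above (watching for IRC-port traffic to servers that are not well known, and spotting crypto where plaintext is expected) can be sketched as a small flow triage pass. The code below is an added example and is not from the post, from Nazario's tools or from netics; the port set, the entropy threshold, the allowlist of known IRC servers and the sample flows are all constructed assumptions for the demonstration.

```python
"""Toy flow triage: flag IRC-port connections to servers not on a known list,
and flag payloads whose byte entropy looks like encryption on a port where
readable IRC commands are expected. Added example, not the post's own code."""
import math
from collections import Counter

# Ports commonly used by IRC. The post only says "common IRC ports"; this set is an assumption.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

# Legitimate IRC servers for this network (constructed placeholder addresses).
KNOWN_IRC_SERVERS = {"198.51.100.10"}

# Plaintext IRC commands that should be readable at the start of an IRC-port payload.
IRC_COMMANDS = (b"NICK ", b"USER ", b"JOIN ", b"PRIVMSG ", b"PING ", b"PONG ")

# Above this many bits per byte the payload is treated as probably encrypted
# or compressed. Assumed threshold; tune it against your own traffic.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_irc(payload: bytes) -> bool:
    """True when the payload opens with a readable IRC command."""
    return payload.startswith(IRC_COMMANDS)


def triage_flow(flow: dict) -> list:
    """Return the reasons a single flow deserves hand investigation (empty if none)."""
    reasons = []
    if flow["dport"] in IRC_PORTS and flow["dst"] not in KNOWN_IRC_SERVERS:
        reasons.append("irc-port-to-unknown-server")
    entropy = shannon_entropy(flow["payload"])
    if entropy >= ENTROPY_THRESHOLD and not looks_like_irc(flow["payload"]):
        reasons.append("high-entropy-payload(%.2f)" % entropy)
    return reasons


def triage_flows(flows) -> dict:
    """Map (src, dst, dport) to its list of reasons, for flows that raised at least one."""
    findings = {}
    for flow in flows:
        reasons = triage_flow(flow)
        if reasons:
            findings[(flow["src"], flow["dst"], flow["dport"])] = reasons
    return findings


# Constructed sample flows; the payloads are the first bytes seen from the client.
SAMPLE_FLOWS = [
    # plaintext IRC to a known server: nothing to flag
    {"src": "10.0.0.5", "dst": "198.51.100.10", "dport": 6667,
     "payload": b"JOIN #linux\r\n"},
    # readable IRC JOIN, but to a server nobody on this network should be using
    {"src": "10.0.0.9", "dst": "203.0.113.77", "dport": 6667,
     "payload": b"NICK x8821\r\nJOIN #c\r\n"},
    # IRC port, unknown server, and the bytes are not readable IRC at all
    {"src": "10.0.0.12", "dst": "203.0.113.78", "dport": 7000,
     "payload": bytes(range(256))},
    # ordinary HTTP on port 80: not in scope for this heuristic
    {"src": "10.0.0.5", "dst": "203.0.113.5", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
]

if __name__ == "__main__":
    for key, reasons in triage_flows(SAMPLE_FLOWS).items():
        print(key, reasons)
```

Both checks are deliberately cheap so they can run over a large network view; the output is a worklist for the hand investigation the post describes, not a verdict. The entropy check will also fire on legitimate TLS (port 6697) and on compressed data, so in practice the allowlist and the threshold need to be tuned to the network's baseline.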
