I use the Netwitness NextGen platform (www.netwitness.com); this provides full packet capture for forensic analysis and incident response. Excellent for detecting botnets and encrypted C&C channels, especially when combined with a threat feed.

Regards
Chris

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: 23 February 2009 16:13
To: [email protected]
Subject: About detecting bots....

Hi

Well, I would very much like to ask your opinion this way...

At the moment I'm very interested in this: how can you detect bots on your network?

In the last month I implemented Bothunter on my network (see http://www.bothunter.net), but for me it still doesn't work very well. This tool hasn't found any bots in my network, and doing an analysis using NSM I found some of them.

Well, do you use some technique, tools, or anything else to find bots in your network?

I know this is a very new field of research, but maybe you know about something that can help in detecting this kind of malware.

Thanks for all.

Regards
Armin Garcia
