In order to cut down your time of going through textual logs, I recommend using some kind of visualization to analyze the log data that you capture. There are a number of people, especially ones part of the Honeynet Alliance, that have done bot net visualization work. I am working with some of them to come up with some better methods also. To get some ideas, visit SecViz: http://secviz.org
Raffael
--
Raffael Marty @zrlram
Chief Security Strategist @ Splunk
Security Visualization: http://secviz.org raffy.ch/blog
On Feb 23, 2009, at 9:03 AM, Chris Brown wrote:
I use the Netwitness NextGen platform, www.netwitness.com; this provides full packet capture for forensic analysis and incident response. Excellent for detecting Botnets and encrypted C&C channels, especially when combined with a threat feed.
Regards
Chris
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: 23 February 2009 16:13
To: [email protected]
Subject: About detecting bots....
Hi
Well, I would very much like to ask your opinion this way... At this time, I am very interested in how you can detect bots on your network.
In the last month I implemented Bothunter on my network (you can see http://www.bothunter.net), but for me it still doesn't work very well. This tool hasn't found any bot in my network, and doing an analysis using NSM I found some of them.
Well, do you use some technique, tools, or anything else to find bots in your network? I know this is a very new field of research, but maybe you know about something that can help with detecting this kind of malware.
Thanks for all.
regards
Armin Garcia
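As an added example, not code from any of the posters or from the products mentioned in this thread, the script below shows one NSM-style check that works against the encrypted C&C channels Chris mentions and that feeds the kind of visualization Raffael recommends: it reads connection records, groups them by (source, destination, port), and flags flows whose inter-arrival times are both frequent and unusually regular, which is how a periodic bot check-in looks on the wire regardless of payload encryption. The log format, the sample records, the thresholds and the function names are all assumptions constructed for this example.

```python
"""Periodic-beacon detection over connection records (added example).

Input format (assumed for this example, loosely modelled on a tab-separated
NSM connection log): timestamp, source IP, destination IP, destination port,
bytes sent. Regular check-ins to one destination produce inter-arrival
times with a low coefficient of variation (stdev / mean); that timing
signal survives encryption of the payload.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records, not real traffic. 10.0.0.5 talks to
# 203.0.113.9:443 roughly every 60 seconds; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
1235400000.0\t10.0.0.5\t203.0.113.9\t443\t512
1235400001.3\t10.0.0.7\t198.51.100.20\t80\t2048
1235400060.1\t10.0.0.5\t203.0.113.9\t443\t517
1235400120.0\t10.0.0.5\t203.0.113.9\t443\t509
1235400130.7\t10.0.0.7\t198.51.100.21\t80\t30011
1235400180.2\t10.0.0.5\t203.0.113.9\t443\t515
1235400240.0\t10.0.0.5\t203.0.113.9\t443\t511
1235400300.1\t10.0.0.5\t203.0.113.9\t443\t520
1235400400.0\t10.0.0.7\t198.51.100.22\t80\t1200
1235400900.0\t10.0.0.7\t198.51.100.20\t80\t4000
"""


def parse_records(text):
    """Parse tab-separated lines into (ts, src, dst, port, bytes) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split("\t")
        records.append((float(ts), src, dst, int(port), int(nbytes)))
    return records


def beacon_scores(records, min_connections=5):
    """Return {(src, dst, port): (count, mean_gap, cv)} for flows seen at
    least min_connections times. A flow with fewer samples gives too few
    intervals to judge regularity (a single interval is trivially regular),
    so min_connections should stay well above 2."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, _ in records:
        by_flow[(src, dst, port)].append(ts)
    scores = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        cv = pstdev(gaps) / mu if mu > 0 else float("inf")
        scores[flow] = (len(stamps), mu, cv)
    return scores


def find_beacons(records, min_connections=5, max_cv=0.2):
    """Flows whose inter-arrival jitter is below max_cv, sorted for stable output.
    max_cv is an assumed starting threshold; tune it against your own baseline."""
    return sorted(
        flow
        for flow, (_, _, cv) in beacon_scores(records, min_connections).items()
        if cv <= max_cv
    )


def link_graph_edges(records):
    """Aggregate records into (src, dst, port, count) edges, the input a
    link-graph visualization would consume instead of raw log lines."""
    counts = defaultdict(int)
    for _, src, dst, port, _ in records:
        counts[(src, dst, port)] += 1
    return sorted((src, dst, port, n) for (src, dst, port), n in counts.items())


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for src, dst, port, n in link_graph_edges(recs):
        print(f"{src} -> {dst}:{port}  connections={n}")
    for flow in find_beacons(recs):
        count, mu, cv = beacon_scores(recs)[flow]
        print(f"possible beacon {flow}: {count} connections, "
              f"mean interval {mu:.1f}s, cv {cv:.3f}")
```

The aggregated edges are what you would hand to a graph or treemap tool rather than reading the raw log; the beacon score is the cheap first filter, and a flagged flow still needs to be checked against a threat feed or a packet capture before it is called a bot, since scheduled legitimate traffic (NTP, update checks, monitoring agents) is just as regular.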