Yes it does, in the same way a Swiss Army knife qualifies as a corkscrew. I just think that, much like the Kindle, any good tool should do just one thing and do it really well.

On Jun 14, 2013 10:43 PM, "Kyle Spencer" <[email protected]> wrote:
> Snort definitely qualifies as an IPS.
>
> On Jun 14, 2013 10:40 PM, "Simon Vass" <[email protected]> wrote:
>
>> True, but it can also take action based on those rules, such as closing
>> ports, blocking IPs etc., so preventing its spread or initial infection
>> via a network connection.
>>
>> This is a link to their analysis of it:
>> http://labs.snort.org/papers/zeus.html
>>
>> http://santi-bassett.blogspot.co.uk/2012/09/ossim-hands-on-7-detecting-network.html
>>
>> Simon
>>
>> On 14 June 2013 16:18, Peter Atkin <[email protected]> wrote:
>>
>>> Ahh, understand. Thanks for the clarification.
>>>
>>> Kind Regards
>>>
>>> Peter Atkin
>>> (C.T.O)
>>> cfts.co (u) ltd.
>>> Get I.T. Right
>>> +256-772-700781 | Skype: peter2cfu
>>> www.cfts.co.ug <http://www.cfts.co/> | location details <http://www.cfts.co/contacts.html> | view my profile <http://ug.linkedin.com/in/peteratkin>
>>>
>>> From: James S. K. Makumbi [mailto:[email protected]]
>>> Sent: Friday, June 14, 2013 6:08 PM
>>> To: [email protected]; 'Uganda Linux User Group'
>>> Subject: RE: [LUG] Zeus Botnet C&C in our neighbourhood
>>>
>>> Snort is more about intrusion detection and network monitoring. What you
>>> are looking for is an intrusion prevention system.
>>>
>>> From: [email protected] [mailto:[email protected]] On Behalf Of Peter Atkin
>>> Sent: 14 June 2013 17:57
>>> To: [email protected]; 'Uganda Linux User Group'
>>> Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood
>>>
>>> Tell me more, not familiar with snort rules… always ready to learn and
>>> share.
>>>
>>> Kind Regards
>>>
>>> Peter Atkin
>>> (C.T.O)
>>> cfts.co (u) ltd.
>>>
>>> From: Simon Vass [mailto:[email protected]]
>>> Sent: Friday, June 14, 2013 5:24 PM
>>> To: [email protected]; Uganda Linux User Group
>>> Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood
>>>
>>> I think snort rules might cover both of these. Great firewall IDS.
>>>
>>> On 14 June 2013 11:14, Peter Atkin <[email protected]> wrote:
>>>
>>> Hi Philip,
>>>
>>> My bad, should have read more thoroughly. Zeus and SpyEye are competing
>>> products working in a similar fashion; uploading IP block list now into our
>>> firewall for both Zeus and SpyEye.
>>>
>>> Certainly do not want to be victim of a botnet takeover or attack..
>>> thanks for the heads up
>>>
>>> Kind Regards
>>>
>>> Peter Atkin
>>> (C.T.O)
>>> cfts.co (u) ltd.
>>>
>>> From: [email protected] [mailto:[email protected]] On Behalf Of Phillip Simbwa
>>> Sent: Friday, June 14, 2013 12:47 PM
>>> To: lug
>>> Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood
>>>
>>> @Peter (Atkin)
>>>
>>> The link I shared specifically tracks Zeus NOT SpyEye!
>>>
>>> Here is the link sent earlier: https://zeustracker.abuse.ch/index.php
>>>
>>> And this is what I posted:
>>> **************************************************************
>>> Zeus is one of the most successful financial botnets in the history of
>>> botnets.
>>> It's very sophisticated and hard to detect, let alone decisively deal with.
>>> It has been used to hit mainly financial institutions, but the recent
>>> trend is hitting any corporate organization.
>>>
>>> Why should you worry?
>>>
>>> There is a command and control (C&C) server in Rwanda and it's been there
>>> since last year.
>>> https://zeustracker.abuse.ch/index.php
>>> The ISP serving this server happens to be MTN Rwandacell.
>>>
>>> Our UGCERT could start watching for any traffic terminating to that
>>> server (IP: 41.186.24.58) just in case that turns out to be the regional C&C.
>>>
>>> For the CIOs, check your network logs just in case...
>>>
>>> Cheers,
>>>
>>> --
>>> - Phillip.
>>> ********************************************************************
>>>
>>> The links you have provided however track SpyEye, and indeed there isn't
>>> any SpyEye C&C on that server in Rwanda.
>>>
>>> I think you were looking for the wrong thing here...
>>>
>>> --
>>> - Phillip.
>>>
>>> “Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
>>> waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the
>>> frist and lsat ltteer are in the rghit pclae. The rset can be a toatl mses and
>>> you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
>>> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
>>> out aynawy."
>>>
>>> __________________________________________________________________________________
>>> This e-mail is company confidential and may contain legally privileged
>>> information.
>>> If you are not the intended recipient, you should not copy, distribute,
>>> disclose or use the information it contains. Please e-mail the sender
>>> immediately and delete this message from your system.
>>> Note: e-mails are susceptible to corruption, interception and
>>> unauthorized amendment; we do not accept liability for any such changes, or
>>> for their consequences.
>>>
>>> _______________________________________________
>>> The Uganda Linux User Group: http://linux.or.ug
>>>
>>> Send messages to this mailing list by addressing e-mails to:
>>> [email protected]
>>> Mailing list archives: http://www.mail-archive.com/[email protected]/
>>> Mailing list settings: http://kym.net/mailman/listinfo/lug
>>> To unsubscribe: http://kym.net/mailman/options/lug
>>>
>>> The Uganda LUG mailing list is generously hosted by INFOCOM:
>>> http://www.infocom.co.ug/
>>>
>>> The above comments and data are owned by whoever posted them (including
>>> attachments if any). The mailing list host is not responsible for them in
>>> any way.
>>>
>>> --
>>> Simon Vass
>>> Managing Director
>>> E-Tech Uganda Ltd
>>> http://www.etech.ug
>>> Tel: +256 (0) 312260620
>>> Email: [email protected]
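Phillip's suggestion in the thread (watch network logs for connections to the listed C&C address) and Peter's block-list upload, as an added example that is not part of anyone's post: a small Python checker that loads a block list of addresses and CIDR ranges and flags firewall log lines whose destination falls in it. The block-list text format, the iptables-style log lines and the 198.51.100.0/24 range are constructed for this example; the single address 41.186.24.58 is the one quoted in the thread.

```python
import ipaddress
import re

# Constructed block list: one IPv4 address or CIDR per line, '#' starts a
# comment. First entry is the address quoted in the thread; the /24 is a
# constructed documentation range used only to show CIDR matching.
BLOCKLIST_TEXT = """
# C&C watch list (constructed for this example)
41.186.24.58
198.51.100.0/24
"""

# Constructed firewall log lines in an iptables LOG-style key=value format.
# The last line has a malformed DST on purpose to exercise error handling.
SAMPLE_LOG = """\
Jun 14 12:47:01 gw kernel: FW-OUT SRC=10.0.0.15 DST=41.186.24.58 PROTO=TCP DPT=80
Jun 14 12:47:05 gw kernel: FW-OUT SRC=10.0.0.22 DST=203.0.113.9 PROTO=TCP DPT=443
Jun 14 12:48:10 gw kernel: FW-OUT SRC=10.0.0.15 DST=198.51.100.77 PROTO=TCP DPT=8080
Jun 14 12:49:30 gw kernel: FW-OUT SRC=10.0.0.40 DST=not-an-ip PROTO=UDP DPT=53
"""

_KV = re.compile(r"\b(SRC|DST|DPT)=(\S+)")


def load_blocklist(text):
    """Parse a block list into network objects, skipping comments and blanks.
    A bare address becomes a /32 so every entry is matched the same way."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def find_cnc_connections(log_text, nets):
    """Return (src, dst, dport) for each line whose DST is in the block list.
    Lines with a missing or malformed DST are skipped, not fatal."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(_KV.findall(line))
        try:
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # no DST field, or DST is not a valid address
        if any(dst in net for net in nets):
            hits.append((fields.get("SRC"), str(dst), fields.get("DPT")))
    return hits


if __name__ == "__main__":
    for src, dst, dport in find_cnc_connections(SAMPLE_LOG, load_blocklist(BLOCKLIST_TEXT)):
        print(f"blocklisted destination: {src} -> {dst}:{dport}")
```

Any internal source that shows up here is a host to triage, which is the "check your network logs" step from the thread done mechanically.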
