I have used that site's guides in the past to find and identify infected systems using snort and patterns people built for snort. Worked as well as a commercial product our security team had installed at the time.

Steven

On Mon, Mar 30, 2009 at 6:04 AM, Steve Kistenmacher <s_kistenmac...@hotmail.com> wrote:
> you can run snort on windows it's called winsnort
> http://www.winsnort.com/
>
> -----Original Message-----
> From: James Rankin [mailto:kz2...@googlemail.com]
> Sent: Monday, March 30, 2009 8:47 AM
> To: NT System Admin Issues
> Subject: Re: Conflicker detector
>
> Actually maybe you can run Snort on Windows, but I haven't tried it -
> others may have
>
> http://www.sans.org/resources/idfaq/snort.php
>
> 2009/3/30 Glen Johnson <gjohn...@vhcc.edu>:
>> We need to set up something that will detect this virus and possibly any
>> future virus outbreaks.
>>
>> We've got av on the computers but I'd like some kind of monitoring system.
>> Preferably windows based as we don't have any nix experience.
>>
>> I had a ntop extra box running but I read that it is no longer supported.
>>
>> Maybe an IDS or something.
>>
>> Any suggestions, experiences or horror stories?
>>
>> Low or no cost would be good but is not mandatory.