To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On Fri, 3 Mar 2006, Thomas Raef wrote:
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > I've been using a linux box with iptables and l7-filter to detect > botnets on local networks. > > It's done quite a fine job of detecting the traffic rather than just > identifying it by destination port. > > Anyone else trying this? Was doing something similar with ngrep and port mirroring in a couple of places. The expression was IRC-specific but it did show up a few things that otherwise slipped under the radar. Are you looking for Jabber and other methods too? Not sure how prevalent they are but I'm guessing it's on the increase - Gadi will probably be able to tell us more. I do also wonder how popular SSL transport is. Cheers, Jess. _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
