To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- My company has developed a defense for our firewall and IPS that looks for IRC protocol traffic, regardless of the port. While not perfect, it provides good detection of IRC based bots. A related feature, to detect SSL on non-standard ports, also helps with SSL encrypted IRC connections (but I don't know if bots actually use SSL'ed IRC connections). Y.
-----Original Message----- From: Thomas Raef [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 8:55 AM To: [EMAIL PROTECTED] Subject: [botnets] Anyone using layer 7? To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I've been using a linux box with iptables and l7-filter to detect botnets on local networks. It's done quite a fine job of detecting the traffic rather than just identifying it by destination port. Anyone else trying this? Thomas J. Raef e-Based Security, Inc. www.ebasedsecurity.com "You're either hardened, or you're hacked!" _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
