To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I still recommend IDS/IPS on your perimeter. There are snort signatures for all the known botnet C&C channels. They're reliable, low load. And more importantly, free. :)

www.bleedingthreats.net

Matt

John Lampe wrote:
> Desai, Ashish wrote:
>
>> If your machines go through a http proxy, you can check the proxy logs
>> for crud.
>
> Hi list,
> I'm curious how commercial products are doing this today? We went
> public with the hybrid approach that we use (netflow, IDS, passive
> scanning, firewall logs, etc [1]). Gadi's DNS anomaly check was a good
> one that we don't currently use.
>
> [1] http://blog.tenablesecurity.com/2006/08/detecting_crowd.html

--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
