Have you tried simple nmap scans? A SYN and version detection may reveal connections on uncommon ports typical of bots. Or, there are custom script scans designed specifically for this purpose. Like, smtp-open-relay.

Mac

Quoting Raffael Marty <[email protected]>:

> In order to cut down your time of going through textual logs, I
> recommend using some kind of visualization to analyze the log data
> that you capture. There are a number of people, especially ones part
> of the Honeynet Alliance, that have done bot net visualization work. I
> am working with some of them to come up with some better methods
> also.
>
> To get some ideas, visit SecViz: http://secviz.org
>
> Raffael
>
> --
> Raffael Marty @zrlram
> Chief Security Strategist @ Splunk
> Security Visualization: http://secviz.org raffy.ch/blog
>
> On Feb 23, 2009, at 9:03 AM, Chris Brown wrote:
>
>> I use the Netwitness NextGen platform, www.netwitness.com; this
>> provides full packet capture for forensic analysis and incident response.
>> Excellent for detecting botnets and encrypted C&C channels, especially when
>> combined with a threat feed.
>>
>> Regards
>>
>> Chris
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
>> Sent: 23 February 2009 16:13
>> To: [email protected]
>> Subject: About detecting bots....
>>
>> Hi
>>
>> Well, I would very much like to ask your opinion this way... At this time,
>> I'm very interested in how you can detect bots on your network.
>>
>> In the last month I implemented Bothunter on my network (you can see
>> http://www.bothunter.net), but for me it still doesn't work very
>> well. This tool hasn't found any bot in my network, and doing an analysis
>> using NSM I found some of them.
>>
>> Well, do you use some technique, tools, or anything else to find some
>> bots in your network? I know this is a very new field of research, but maybe
>> you know about something that can help in detecting this kind of malware.
>>
>> Thanks for all.
>>
>> Regards
>> Armin Garcia
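The first reply suggests SYN plus version-detection scans to surface listeners on uncommon ports. The script below is an added example (not posted by anyone in the thread) of the triage step that follows such a scan: it parses nmap's XML output (`nmap -sS -sV -oX scan.xml`) and lists open TCP ports that fall outside an assumed per-segment baseline, together with the identified service. The baseline port set and the sample XML are constructed for illustration.

```python
"""Triage nmap -sS -sV XML output for listeners outside a known baseline."""
import xml.etree.ElementTree as ET

# Assumed baseline: ports expected to be open on hosts in this segment.
EXPECTED_PORTS = {22, 25, 80, 443}

# Constructed sample of nmap XML output; not a real scan result.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.1"/></port>
      <port protocol="tcp" portid="6667"><state state="open"/>
        <service name="irc" product="Unreal ircd"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2"/></port>
      <port protocol="tcp" portid="31337"><state state="filtered"/>
        <service name="Elite"/></port>
    </ports>
  </host>
</nmaprun>"""


def unexpected_listeners(xml_text, expected=EXPECTED_PORTS):
    """Return [(ip, port, service_label)] for open TCP ports not in the baseline.

    Only ports nmap reports as 'open' count; filtered/closed ports are skipped
    so that firewall noise does not show up as a finding.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") != "tcp" or state is None or state.get("state") != "open":
                continue
            num = int(port.get("portid"))
            if num in expected:
                continue
            svc = port.find("service")
            parts = (svc.get("name"), svc.get("product"), svc.get("version")) if svc is not None else ()
            label = " ".join(p for p in parts if p) or "unknown"
            findings.append((addr.get("addr"), num, label))
    return findings


if __name__ == "__main__":
    for ip, num, label in unexpected_listeners(SAMPLE_XML):
        print(f"{ip}:{num} -> {label}")
```

Hosts flagged this way are candidates for closer inspection with the packet capture or NSM data the other replies describe, not confirmed infections.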
