[Snort-users] Newbie: Bot Detection Rule

Craig Woods res06ztt at ...1127...
Thu Jun 21 14:48:52 EDT 2001


Hi George,

Because you did not say much about your setup, i.e. OS type, networked
or standalone server, or just a workstation using ppp, I thought I
would toss in some added info. Hopefully you have filtered any ports you
have listening on an internet interface. Snort, like any IDS, will
report an attempted or a successful intrusion. Just make sure you are
running some kind of firewall protection that prevents such intrusions.

Notwithstanding Gibson's perceived reputation (the point here is not
about Steve Gibson's personality but it is about the principle of what a
DDOS attack is all about), his account of the attack is worthy of being
read and understood. A DDOS attack is "real", and should be considered
in any attempts to secure your machine.

Just my two cents,
Craig Woods
UNIX SA 

George Yobst wrote:
> 
> Hi all,
> I was just reading this article about how Gibson Research
> was knocked off the net ( http://grc.com/dos/grcdos.htm ).
> Near the end of the article was a section on detecting these
> bots.  As a new snort user, I can probably RTM and create
> some rules that create an alert for ports 6667 and 113,
> but how do I test it?  -George
> ---------------------------------------------------------------------------
> George Yobst, Library Technology Specialist     phone: 503.723.4890
> Library Information Network of Clackamas County   fax: 503.794.8238
> 16239 SE McLoughlin Blvd, Suite 208         web: http://www.lincc.lib.or.us
> Oak Grove, OR 97267-4654                  email: george at ...2364...
> "...it is impossible for anyone to begin to learn
>  what he thinks he already knows."  - Epictetus