[Snort-users] Check network for system broadcasts...

David Glosser david_glosser at ...131...
Fri Oct 13 17:07:37 EDT 2006

- Ask users to leave their machines on one evening.
Check the firewall logs for traffic between, say,
2:00am and 4:00am.  Any desktop with internet traffic
at that time may well have spyware checking in.

- Run snort with the bleedingsnort
(bleedingthreats.com) malware and antivirus rules.

- Load your local DNS server with domains associated
with spyware to loopback or redirect to a local apache
web server. Then examine the server logs for hits.
An example

--- Akashdeep Bhardwaj <bhrdwh at ...131...> wrote:

> Hi,
>   I am looking for a low cost, simple implementation
> for 250 systems with different OS (all types of
> microsoft, linux, unix, solaris, mac...) connected
> via L2 and L3 Cisco and 3com switches (most of these
> switches are SNMP) having 5 VLANs to - 
>   1. Detect if a port on particular switch (read
> machine) broadcasts more than a threshold that I
> define, to detect virus/spyware broadcasts.
>   2. Detect Spyware & Malware on the network.
>   Any help is appreciated.
>   Thanks in advance,
>   Akash
>   Bhrdwh at ...131... 
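
The log review from the third suggestion above (spyware domains pointed at a local Apache server), combined with the 2:00am to 4:00am window from the first, as an added example that is not part of the original message. The Apache LogFormat, client addresses and domain names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed LogFormat on the sinkhole web server (not from the original post):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Host}i\"" sinkhole
# The Host header shows which sinkholed domain the client was trying to reach.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" \d{3} \S+ "(?P<host>[^"]*)"$'
)

# Constructed sample log lines; addresses and domains are placeholders.
SAMPLE_LOG = """\
10.1.2.15 - - [13/Oct/2006:02:14:07 -0400] "GET /checkin?id=1 HTTP/1.1" 404 209 "tracker.spyware-example.test"
10.1.2.15 - - [13/Oct/2006:02:44:09 -0400] "GET /checkin?id=1 HTTP/1.1" 404 209 "tracker.spyware-example.test"
10.1.3.40 - - [13/Oct/2006:10:02:51 -0400] "GET /ads.js HTTP/1.1" 404 209 "ads.adware-example.test"
10.1.2.15 - - [13/Oct/2006:11:30:00 -0400] "POST /up HTTP/1.0" 404 209 "Updates.Adware-Example.test:80"
this line is malformed and must be skipped
"""

def summarize_hits(log_text, night_start=2, night_end=4):
    """Return {client_ip: {"hits", "domains", "night_hits"}} for sinkhole hits."""
    report = defaultdict(lambda: {"hits": 0, "domains": set(), "night_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; ignore rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Normalise the Host header: case-insensitive, drop any :port suffix.
        host = m["host"].lower().split(":")[0]
        entry = report[m["client"]]
        entry["hits"] += 1
        entry["domains"].add(host)
        # Hits while the desktop should be idle (server-local hour as logged).
        if night_start <= ts.hour < night_end:
            entry["night_hits"] += 1
    return dict(report)

if __name__ == "__main__":
    ranked = sorted(summarize_hits(SAMPLE_LOG).items(),
                    key=lambda kv: (-kv[1]["night_hits"], -kv[1]["hits"]))
    for client, info in ranked:
        print(client, info["hits"], info["night_hits"], sorted(info["domains"]))
```

Clients at the top of the output are the desktops to inspect first: they resolved a sinkholed name and contacted it during the idle window.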
