[Snort-users] Check network for system broadcasts...

David Glosser david_glosser at ...131...
Fri Oct 13 17:07:55 EDT 2006


- Ask users to leave their machines on one evening.
Check the firewall logs for traffic between, say,
2:00am and 4:00am.  Any desktop with internet traffic
at that time may well have spyware checking in.

- Run snort with the bleedingsnort
(bleedingthreats.com) malware and antivirus rules.

- Load your local DNS server with domains associated
with spyware to loopback or redirect to a local apache
web server. Then examine the server logs for hits.
An example:
http://www.bleedingthreats.com/blackhole-dns/






--- Akashdeep Bhardwaj <bhrdwh at ...131...> wrote:

> Hi,
>   I am looking for a low cost, simple implementation
> for 250 systems with different OS (all types of
> microsoft, linux, unix, solaris, mac...) connected
> via L2 and L3 Cisco and 3com switches (most of these
> switches are SNMP) having 5 VLANs to - 
>   1. Detect if a port on particular switch (read
> machine) broadcasts more than a threshold that I
> define, to detect virus/spyware broadcasts.
>   2. Detect Spyware & Malware on the network.
>    
>   Any help is appreciated.
>    
>   Thanks in advance,
>    
>   Akash
>   Bhrdwh at ...131... 
>    
> 
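
The sinkhole-log check suggested in the reply above, as an added example that is not part of the original post: it groups hits on the local Apache sinkhole by client IP so the desktops resolving blackholed domains stand out. The `LogFormat` line, the domain names, the addresses and the function names are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed LogFormat on the sinkhole Apache server (not from the post); the Host
# header is logged first so each hit can be tied to the domain that was requested:
#   LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b" sinkhole
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+$'
)

# Constructed sample: domains the local DNS server redirects to the sinkhole.
BLACKHOLED = {"ads.spyware-example.test", "update.adware-example.test"}

# Constructed sample log lines, including a Host header with a port and
# mixed case, a request for a non-blackholed name, and a malformed line.
SAMPLE_LOG = """\
ads.spyware-example.test 10.0.3.17 - - [13/Oct/2006:02:14:09 -0400] "GET /checkin?id=7 HTTP/1.1" 404 209
ADS.spyware-example.test:80 10.0.3.17 - - [13/Oct/2006:02:44:10 -0400] "GET /checkin?id=7 HTTP/1.1" 404 209
update.adware-example.test 10.0.3.17 - - [13/Oct/2006:03:01:55 -0400] "POST /u HTTP/1.0" 404 -
update.adware-example.test 10.0.5.42 - - [13/Oct/2006:03:20:31 -0400] "GET /v.cab HTTP/1.1" 404 209
intranet.example.test 10.0.5.42 - - [13/Oct/2006:09:00:00 -0400] "GET / HTTP/1.1" 200 512
truncated line without the expected fields
"""

def sinkhole_hits(log_text, blackholed):
    """Return {client_ip: {domain: hit_count}} for requests to blackholed domains."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or truncated lines
        # Host headers are case-insensitive and may carry a port or trailing dot.
        host = m.group("host").lower().split(":")[0].rstrip(".")
        if host in blackholed:
            hits[m.group("client")][host] += 1
    return {client: dict(domains) for client, domains in hits.items()}

def report(hits):
    """Return (client, total_hits, sorted_domains) rows, busiest client first."""
    rows = [(c, sum(d.values()), sorted(d)) for c, d in hits.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for client, total, domains in report(sinkhole_hits(SAMPLE_LOG, BLACKHOLED)):
        print(f"{client}\t{total}\t{', '.join(domains)}")
```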




