[Snort-users] Need help to detect BOTNET-CNC Palevo bot DNSattack

babu dheen babudheen at ...5176...
Mon Dec 12 04:38:18 EST 2011


Dear Jason,
 
If a client is not using a proxy in its browser, the DNS request will not go to the proxy at all. So installing Snort on the proxy will not help with this.

Can you suggest more about this attack? This attack says the DNS query contains a botnet CNC request only.
 
Regards
BABU

--- On Mon, 12/12/11, Jason Haar <Jason_Haar at ...15306...> wrote:


From: Jason Haar <Jason_Haar at ...15306...>
Subject: Re: [Snort-users] Need help to detect BOTNET-CNC Palevo bot DNSattack
To: snort-users at lists.sourceforge.net
Date: Monday, 12 December, 2011, 2:32 PM


That's the problem with "proxy" services - like DNS. You end up wishing
you had snort installed on almost every server :-/

(we install snort on our proxies for this reason ;-)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

