[Snort-users] Need help to detect BOTNET-CNC Palevo bot DNSattack

Martin Holste mcholste at ...11827...
Mon Dec 12 08:53:29 EST 2011


Alternatively, you can run Bro IDS alongside Snort to record DNS,
HTTP, SSL, SMTP, etc. conversations for reference and context to a
Snort alert.

On Mon, Dec 12, 2011 at 3:02 AM, Jason Haar <Jason_Haar at ...15306...> wrote:
> That's the problem with "proxy" services - like DNS. You end up wishing
> you had snort installed on almost every server :-/
>
> (we install snort on our proxies for this reason ;-)
>
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>
> ------------------------------------------------------------------------------
> Learn Windows Azure Live!  Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list