[Snort-users] Malware detection with Snort

Daniel Calvo Castro daniel.calvo at ...16597...
Mon Nov 25 12:50:00 EST 2013


Hi list,

I'm new to network forensics and I'm wondering what would be the best
approach to detect a possible malware which is attacking a famous
online site from inside my organization on port 25, as far as I know. That
is what I thought in the first instance:

 - Take the core(?) switch, configure port mirroring and start sniffing with
Snort, filtering by the IP address of the online site being attacked, and store
the bunch of data for further analysis and reporting.

Are there some further measures / resources / tools / open source projects
or experiences that would help me to detect the compromised system? I'm
reading Malware Analysis Cookbook and getting some cool ideas.

Any help would be appreciated

Thanks in advance!
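The approach sketched in the post (mirror the traffic, alert on sessions from inside toward the attacked site on port 25, then work out which internal host is responsible) can be turned into a small triage step. The following is an added example, not code from the post or from the Snort project: it carries a constructed Snort rule whose destination address 203.0.113.10 is a placeholder for the real site, assumes `$HOME_NET` is set in `snort.conf` and that Snort writes alerts in its "fast" output format (`-A fast`), and ranks the internal source addresses seen in those alerts so the most active host surfaces first. The sample alert lines are constructed, not captured.

```python
"""Rank internal hosts that trigger a Snort alert for outbound SMTP to one site.

Added example (not from the mailing-list post). Assumptions:
  - a rule like EXAMPLE_RULE is loaded; 203.0.113.10 is a placeholder for the
    real site's address and $HOME_NET is configured in snort.conf;
  - alerts are written in Snort's "fast" output format (-A fast);
  - the mirrored (SPAN) port carries the organisation's outbound traffic.
"""
import re
from collections import Counter
from typing import Iterable, Optional

# Constructed placeholder rule: only SMTP sessions initiated from inside
# toward the monitored site's address raise an alert.
EXAMPLE_RULE = (
    'alert tcp $HOME_NET any -> 203.0.113.10 25 '
    '(msg:"Outbound SMTP to monitored site"; flow:to_server,established; '
    'classtype:bad-unknown; sid:1000001; rev:1;)'
)

# Snort "fast" alert layout:
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification block is optional, hence the lazy ".*?" before the protocol.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>[A-Za-z]+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_alert(line: str) -> Optional[dict]:
    """Return the alert's fields as a dict, or None for lines that are not alerts."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields


def rank_sources(lines: Iterable[str], dst: str, dport: int = 25) -> list:
    """Count alerts per internal source address toward dst:dport, most active first.

    Non-alert lines and alerts toward other destinations or ports are ignored,
    so the same alert file can carry output from several rules.
    """
    counts: Counter = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and alert["dst"] == dst and alert["dport"] == dport:
            counts[alert["src"]] += 1
    return counts.most_common()


# Constructed sample alert lines (RFC 1918 / RFC 5737 addresses, not real hosts).
SAMPLE_ALERTS = [
    "11/25-12:50:01.000123  [**] [1:1000001:1] Outbound SMTP to monitored site [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.2.3:50012 -> 203.0.113.10:25",
    "11/25-12:50:02.004411  [**] [1:1000001:1] Outbound SMTP to monitored site [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.2.3:50013 -> 203.0.113.10:25",
    "11/25-12:50:05.120900  [**] [1:1000001:1] Outbound SMTP to monitored site [**] "
    "[Priority: 2] {TCP} 10.1.2.9:41000 -> 203.0.113.10:25",
    "11/25-12:50:07.338002  [**] [1:1000001:1] Outbound SMTP to monitored site [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.2.3:50014 -> 203.0.113.10:25",
    # A second (hypothetical) rule for HTTPS to the same site: not counted for port 25.
    "11/25-12:50:08.000000  [**] [1:1000002:1] Outbound HTTPS to monitored site [**] "
    "[Priority: 3] {TCP} 10.1.2.3:50015 -> 203.0.113.10:443",
    # Non-alert noise that can end up in the same file.
    "Nov 25 12:50:00 sensor snort[4242]: Initializing Network Interface eth1",
]

if __name__ == "__main__":
    for src, n in rank_sources(SAMPLE_ALERTS, "203.0.113.10"):
        print(f"{src:15} {n}")
```

Run it against the real alert file instead of `SAMPLE_ALERTS` once the mirror is in place; the same destination filter can be applied earlier at capture time with a BPF expression such as `host 203.0.113.10 and tcp port 25` so the stored pcap only holds the sessions that matter for the report.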

