[Snort-users] Zombie detection rules
Jones, Christopher (Chris) (Maj)
cajones1 at ...17771...
Thu Feb 16 12:39:39 EST 2017
I’m pretty new to Snort, but something that crossed my mind is having a list of known or suspected bot herder IPs in a blacklist. I just did a quick search online and found a website that may give you a blacklist of bad IPs. You could just log traffic to and from those IPs.
From: Paul Li [mailto:paul at ...17768...]
Sent: Wednesday, February 15, 2017 8:32 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Zombie detection rules
Is there any Snort rule for zombie detection, to detect if the devices Snort is monitoring are used as zombies? Or some rules that can detect large egress traffic from a monitored device would also work.
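The blacklist idea from the reply above, as an added example that is not part of the original thread: a Python script that turns a downloaded IP blacklist into Snort `log` rules for traffic between `$HOME_NET` and the listed hosts. The feed contents (documentation address ranges), the RFC 1918 `HOME_NETS` list, the SID base and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feed using documentation ranges, not real indicators.
SAMPLE_FEED = """\
# suspected bot herder addresses (constructed sample)
198.51.100.7
203.0.113.0/24   ; whole range
198.51.100.7
not-an-ip
2001:db8::1
10.1.2.3
"""

# Assumption: the monitored network uses RFC 1918 space. A feed entry that
# overlaps it would match ordinary internal traffic, so it is rejected.
HOME_NETS = [ipaddress.IPv4Network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_blacklist(text):
    """Return (sorted unique IPv4 networks, rejected entries)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, which blacklist feeds commonly carry.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:  # malformed or non-IPv4 entry
            rejected.append(entry)
            continue
        if any(net.overlaps(home) for home in HOME_NETS):
            rejected.append(entry)
            continue
        nets.add(net)
    return sorted(nets), rejected

def build_rules(nets, base_sid=1000001, chunk=50, action="log"):
    """Emit one bidirectional rule per group of `chunk` blacklist entries."""
    rules = []
    for i in range(0, len(nets), chunk):
        group = ",".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                         for n in nets[i:i + chunk])
        n = i // chunk
        rules.append(f'{action} ip $HOME_NET any <> [{group}] any '
                     f'(msg:"BLACKLIST traffic with listed host group {n + 1}"; '
                     f'sid:{base_sid + n}; rev:1;)')
    return rules

if __name__ == "__main__":
    networks, bad = parse_blacklist(SAMPLE_FEED)
    print("\n".join(build_rules(networks)))
    print("# rejected entries:", bad)
```

Write the output to a local rules file included from `snort.conf`; SIDs from 1000000 upward are the range reserved for local rules.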