[Snort-users] Zombie detection rules

Jones, Christopher (Chris) (Maj) cajones1 at ...17771...
Thu Feb 16 12:39:39 EST 2017


Paul,

I’m pretty new to Snort, but something that crossed my mind is having a list of known or suspected bot herder IPs in a blacklist. I just did a quick search online and found a website that may give you a blacklist of bad IPs. You could just log traffic to and from those IPs.

https://mxtoolbox.com/problem/blacklist/

Chris


From: Paul Li [mailto:paul at ...17768...]
Sent: Wednesday, February 15, 2017 8:32 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Zombie detection rules

Is there any Snort rule for zombie detection: to detect if the devices Snort is monitoring are used as zombies? Or some rules that can detect large egress traffic from a monitored device would also work.

Thanks,
Paul
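
The suggestion in the reply above, logging traffic to and from a list of suspected bot herder IPs, can be turned into Snort rules mechanically. The following is an added example, not part of the original thread: it assumes a plain-text feed with one IP or CIDR per line, and the feed contents, function names, HOME_NET range, message text and SIDs are all constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation-range addresses, not real indicators).
SAMPLE_FEED = """\
# suspected bot herder hosts
192.0.2.10
198.51.100.5/24
203.0.113.7   ; trailing comment
not-an-ip
10.1.2.3
192.0.2.10
"""

def parse_feed(text, home_net="10.0.0.0/8"):
    """Return unique IPv4 networks from a one-entry-per-line feed, in feed order."""
    home = ipaddress.ip_network(home_net)  # assumed value of HOME_NET
    seen, nets = set(), []
    for line in text.splitlines():
        entry = line.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed entry: skip it rather than emit a broken rule
        if net.version != 4 or net.overlaps(home):
            continue  # an entry inside HOME_NET would match your own hosts
        if net not in seen:
            seen.add(net)
            nets.append(net)
    return nets

def build_rules(nets, start_sid=1000001, chunk=2):
    """Emit one bidirectional Snort 'log' rule per group of `chunk` entries."""
    rules = []
    for n, i in enumerate(range(0, len(nets), chunk)):
        ips = ",".join(str(x.network_address) if x.prefixlen == 32 else str(x)
                       for x in nets[i:i + chunk])
        rules.append(f'log ip $HOME_NET any <> [{ips}] any '
                     f'(msg:"LOCAL blacklisted host traffic group {n + 1}"; '
                     f'sid:{start_sid + n}; rev:1;)')
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(parse_feed(SAMPLE_FEED))))
```

The generated lines go into a local rules file; SIDs start above 1000000, the range reserved for local rules, and the group size of 2 is only there to keep the sample output short.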