
| Subject: | Re: [Snort-users] Check network for system broadcasts... |
|---|---|
| Date: | Fri, 13 Oct 2006 14:07:55 -0700 (PDT) |

- Ask users to leave their machines on one evening. Check the firewall logs for traffic between, say, 2:00am and 4:00am. Any desktop with internet traffic at that time may well have spyware checking in.
- Run snort with the bleedingsnort (bleedingthreats.com) malware and antivirus rules.
- Load your local DNS server with domains associated with spyware to loopback or redirect to a local Apache web server. Then examine the server logs for hits. An example: http://www.bleedingthreats.com/blackhole-dns/

--- Akashdeep Bhardwaj <bhrdwh@yahoo.com> wrote:
Hi,
I am looking for a low cost, simple implementation
for 250 systems with different OS (all types of
microsoft, linux, unix, solaris, mac...) connected
via L2 and L3 Cisco and 3com switches (most of these
switches are SNMP) having 5 VLANs to -
1. Detect if a port on particular switch (read
machine) broadcasts more than a threshold that I
define, to detect virus/spyware broadcasts.
2. Detect Spyware & Malware on the network.
Any help is appreciated.
Thanks in advance,
Akash
Bhrdwh@yahoo.com
Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
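
Added example (not part of the original post or of Snort): one way to work through the web server logs from the DNS blackhole suggestion above, also counting hits that fall in the 2:00am to 4:00am window. The Apache log format, the sample lines, addresses, domains and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed LogFormat on the sinkhole vhost (not from the post):
#   LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+$')

# Constructed sample lines: documentation addresses, made-up domains.
SAMPLE_LOG = """\
ads.tracker.example 192.0.2.15 - - [13/Oct/2006:02:14:07 -0700] "GET /checkin?id=7 HTTP/1.1" 404 209
ads.tracker.example 192.0.2.15 - - [13/Oct/2006:02:44:09 -0700] "GET /checkin?id=7 HTTP/1.1" 404 209
update.toolbar.example 192.0.2.15 - - [13/Oct/2006:03:01:55 -0700] "POST /report HTTP/1.0" 404 209
ads.tracker.example 192.0.2.77 - - [13/Oct/2006:14:20:31 -0700] "GET /banner.gif HTTP/1.1" 404 209
- 192.0.2.90 - - [13/Oct/2006:02:30:00 -0700] "GET / HTTP/1.0" 200 44
192.0.2.15 - - [13/Oct/2006:02:14
"""

def summarize_sinkhole_hits(lines, quiet_hours=range(2, 4)):
    """Per client: hits per blackholed host and hits inside the quiet hours."""
    clients = defaultdict(lambda: {"hosts": defaultdict(int), "quiet": 0})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m.group("host") == "-":
            skipped += 1  # malformed line, or request without a Host header
            continue
        try:
            when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            skipped += 1  # timestamp field present but unparsable
            continue
        entry = clients[m.group("client")]
        entry["hosts"][m.group("host").lower()] += 1
        if when.hour in quiet_hours:  # hour as logged, i.e. server local time
            entry["quiet"] += 1
    return dict(clients), skipped

def rank_clients(clients):
    """Review order: most distinct blackholed hosts first, then quiet-hour hits."""
    return sorted(clients, reverse=True,
                  key=lambda c: (len(clients[c]["hosts"]), clients[c]["quiet"]))

if __name__ == "__main__":
    summary, skipped = summarize_sinkhole_hits(SAMPLE_LOG.splitlines())
    for ip in rank_clients(summary):
        print(ip, dict(summary[ip]["hosts"]), "quiet-hour hits:", summary[ip]["quiet"])
    print("skipped lines:", skipped)
```

A client that requests several different blackholed domains, especially during the quiet hours, is the first machine to inspect; a single daytime hit may just be a user clicking a link.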