[81448] in North American Network Operators' Group
Re: Using snort to detect if your users are doing interesting
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Fri Jun 10 06:03:12 2005
From: Jeroen Massar <jeroen@unfix.org>
To: Kim Onnel <karim.adel@gmail.com>
Cc: Randy Bush <randy@psg.com>,
"Steven M. Bellovin" <smb@cs.columbia.edu>, nanog@merit.edu
In-Reply-To: <e05f3929050609132953cd4cef@mail.gmail.com>
Date: Fri, 10 Jun 2005 12:02:31 +0200
Errors-To: owner-nanog@merit.edu
--=-k/GSkp2ahqt/F5GXdjPj
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Thu, 2005-06-09 at 23:29 +0300, Kim Onnel wrote:
> How about project Darknet and sinkholes and monitoring dark ip space,
> worms and botnets usually scans blindly right and left, so there is a
> good chance you will get a glimpse on infected hosts if thats what you
> want, i catch infected hosts by looking at apache access logs and i
> see alot of scans,
Read the following interesting article:
http://www.spectrum.ieee.org/WEBONLY/publicfeature/may05/0505worm.html
Greets,
Jeroen
--=-k/GSkp2ahqt/F5GXdjPj
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/
iD8DBQBCqWU3KaooUjM+fCMRAkasAKCPu6qVqplr7tj8h0dHYL2vnIaO8QCePEXp
em8cmCylwD9BUxnlgrDTdhI=
=BnsR
-----END PGP SIGNATURE-----
--=-k/GSkp2ahqt/F5GXdjPj--
