Focus on IDS
About detecting bots.... Feb 23 2009 04:13PM
saintarmin hotmail com (2 replies)
RE: About detecting bots.... Feb 23 2009 05:03PM
Chris Brown (chris get-tuf com) (1 replies)
Re: About detecting bots.... Feb 24 2009 06:52AM
Raffael Marty (rmarty splunk com) (1 replies)
Re: About detecting bots.... Feb 24 2009 08:07PM
Mac Rosel (mroz ksu edu)
RE: About detecting bots.... Feb 23 2009 04:56PM
Richard Golodner (rgolodner infratection com)
Armin Garcia asked today:

> Well, do you use some technique, tools, or anything else to find some bots
> in your network? I know this is a very new field of research, but maybe you
> know about something that can help detect this kind of malware.

Armin, look at your logs for strange behavior on hosts under your
control. Do you see machines re-booting, trying to send mail out? Collect a
baseline traffic analysis of the general noise of your network by using
Wireshark and continue to sample the data streams until you either see some
odd behavior or you feel pretty confident your nets are clean.

What you need to do if you find an offensive machine is isolate it
off the network and capture packets as it tries to communicate with its
owner.

There are many experts when it comes to this topic; these are just a
few of my initial impressions.
Sincerely, Richard
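
An added example, not part of Richard's message: one way to apply the baseline comparison he describes, flagging hosts that start sending mail out when they did not during the baseline window. The flow-record layout, the addresses, the `min_dests` threshold and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (period, src_ip, dst_ip, dst_port).
# "baseline" rows are the earlier sampling window, "current" the one under review.
FLOWS = [
    ("baseline", "10.0.0.5", "198.51.100.10", 25),   # designated mail relay
    ("baseline", "10.0.0.5", "198.51.100.11", 25),
    ("baseline", "10.0.0.21", "203.0.113.80", 443),
    ("baseline", "10.0.0.22", "203.0.113.80", 443),
    ("current", "10.0.0.5", "198.51.100.10", 25),
    ("current", "10.0.0.5", "198.51.100.12", 25),
    ("current", "10.0.0.21", "203.0.113.80", 443),
    ("current", "10.0.0.22", "192.0.2.1", 25),       # workstation now speaking SMTP
    ("current", "10.0.0.22", "192.0.2.2", 25),
    ("current", "10.0.0.22", "192.0.2.3", 25),
]

SMTP_PORT = 25


def smtp_destinations(flows, period):
    """Map each source host to the set of distinct SMTP destinations it contacted."""
    dests = defaultdict(set)
    for p, src, dst, port in flows:
        if p == period and port == SMTP_PORT:
            dests[src].add(dst)
    return dests


def find_new_smtp_senders(flows, min_dests=2):
    """Return hosts that send SMTP now but sent none during the baseline window."""
    baseline = smtp_destinations(flows, "baseline")
    current = smtp_destinations(flows, "current")
    suspects = {}
    for host, dests in current.items():
        # A host already mailing in the baseline (e.g. the relay) is expected noise.
        if host not in baseline and len(dests) >= min_dests:
            suspects[host] = sorted(dests)
    return suspects


if __name__ == "__main__":
    for host, dests in find_new_smtp_senders(FLOWS).items():
        print(f"{host}: new outbound SMTP to {len(dests)} hosts -> isolate and capture")
```
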

Copyright 2010, SecurityFocus