Full Disclosure mailing list archives
the anti botnet market for ISPs and corporate networks
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 26 Sep 2006 03:43:53 -0500 (CDT)
Is here. Several companies are rehearsing their old products and buzzwording them for DDoS mitigation or botnets, but not Trend Micro. Trend Micro released a brand new product, implemented with the novel idea of utilizing DNS to detect bots on an ISP or corporate network.

Whether by massive requests for a C&C (bots phoning home) or massive requests for an MX record (spam bots), looking for negative caching (NX being cached, as the C&C is not there yet but requested) and beyond. It works.

I don't know if that's what Trend Micro is doing, but it's one step in the right direction to better botnet detection and mitigation.

Larry Seltzer wrote a good article on it:
http://www.eweek.com/article2/0,1759,2020286,00.asp

This idea has been explored before:

The Domain Name Service as an IDS - NANOG archives:
http://www.irbs.net/internet/nanog/0602/0537.html

and:
http://blogs.securiteam.com/index.php/archives/321

The original paper can be found here:
http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf
(these guys were cool enough to reference me, hehe)

Other papers were linked to from the above-mentioned post.

This is pretty cool, and is worth a look. I guess we will find out what this commercialized technology is worth now that it is out of the home-grown/academic tools realm.

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
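The three DNS signals the post lists (many hosts resolving the same name, a single host firing off many MX lookups, and a host collecting many NXDOMAIN answers) can be turned into a small resolver-log heuristic. The script below is an added illustration written for this archive page; it is not code from the post, from Trend Micro, or from the referenced paper. The log line format (`epoch client qname qtype rcode`), the per-window thresholds, the allowlist of known-legitimate names, and every host and domain in the sample are constructed assumptions.

```python
"""Toy resolver-log heuristics for the DNS-based bot signals described
in the post.  Format, thresholds and sample data are assumptions made for
this example, not any vendor's or paper's actual method."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample resolver log (not a real capture):
# "epoch client qname qtype rcode"
SAMPLE_LOG = """\
# four hosts resolving the corporate mail server: normal, allowlisted
1159250000 10.0.0.5 mail.corp.example A NOERROR
1159250001 10.0.0.6 mail.corp.example A NOERROR
1159250002 10.0.0.7 mail.corp.example A NOERROR
1159250003 10.0.0.8 mail.corp.example A NOERROR
# three hosts all resolving one unfamiliar name: phone-home pattern
1159250010 10.0.0.5 cc.example-cc.test A NOERROR
1159250011 10.0.0.6 cc.example-cc.test A NOERROR
1159250012 10.0.0.7 cc.example-cc.test A NOERROR
# one host probing names that do not exist yet: NXDOMAIN burst
1159250020 10.0.0.5 cc1.example-cc.test A NXDOMAIN
1159250021 10.0.0.5 cc2.example-cc.test A NXDOMAIN
1159250022 10.0.0.5 cc3.example-cc.test A NXDOMAIN
1159250023 10.0.0.5 cc4.example-cc.test A NXDOMAIN
1159250024 10.0.0.5 cc5.example-cc.test A NXDOMAIN
# one host looking up MX records for many recipient domains: spam-bot pattern
1159250030 10.0.0.8 recipient1.example MX NOERROR
1159250031 10.0.0.8 recipient2.example MX NOERROR
1159250032 10.0.0.8 recipient3.example MX NOERROR
1159250033 10.0.0.8 recipient4.example MX NOERROR
1159250034 10.0.0.8 recipient5.example MX NOERROR
"""

# Names many hosts legitimately resolve; a real deployment would build
# this from a baseline of the site's own traffic (assumed value here).
ALLOWLIST = {"mail.corp.example"}


def parse_line(line: str) -> Tuple[int, str, str, str, str]:
    """Split one log line into (epoch, client, qname, qtype, rcode),
    normalising the name (lowercase, no trailing dot) and the codes."""
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), qtype.upper(), rcode.upper()


def analyse(log_text: str, *, window: int = 60, mx_threshold: int = 5,
            nx_threshold: int = 5, cc_min_clients: int = 3,
            allowlist=ALLOWLIST) -> Dict[str, List[str]]:
    """Return clients and names that trip any of the three heuristics.
    MX and NXDOMAIN counts are kept per (client, time window) so a slow
    trickle over hours does not accumulate into a false alarm."""
    mx_per_client_window: Counter = Counter()
    nx_per_client_window: Counter = Counter()
    clients_per_name = defaultdict(set)

    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, client, qname, qtype, rcode = parse_line(raw)
        bucket = ts // window
        if qtype == "MX":
            mx_per_client_window[(client, bucket)] += 1
        if rcode == "NXDOMAIN":
            nx_per_client_window[(client, bucket)] += 1
        clients_per_name[qname].add(client)

    spam_bots = {c for (c, _), n in mx_per_client_window.items() if n >= mx_threshold}
    nx_heavy = {c for (c, _), n in nx_per_client_window.items() if n >= nx_threshold}
    cc_names = {name for name, cs in clients_per_name.items()
                if len(cs) >= cc_min_clients and name not in allowlist}

    return {
        "spam_bot_candidates": sorted(spam_bots),
        "nxdomain_heavy_clients": sorted(nx_heavy),
        "possible_cc_names": sorted(cc_names),
    }


if __name__ == "__main__":
    for key, values in analyse(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(values) or '-'}")
```

The allowlist matters more than the thresholds: "many hosts resolving one name" is also what a popular legitimate site looks like, so without a baseline of normal names the C&C heuristic is mostly noise. The NXDOMAIN signal is the one the post singles out as interesting, because a bot trying a C&C name that has not been registered yet produces the negative answers before the domain ever serves content.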
Current thread:
- the anti botnet market for ISPs and corporate networks - Gadi Evron (Sep 26)
- Re: the anti botnet market for ISPs and corporate networks - jammer128 (Sep 26)