Snort mailing list archives
Need help to detect BOTNET-CNC Palevo bot DNS attack
From: babu dheen <babudheen () yahoo co in>
Date: Sun, 11 Dec 2011 12:53:03 +0530 (IST)
Dear,

We have been using Astaro Firewall with IPS in pass-through mode for the last one year. We have been noticing many "BOTNET-CNC Palevo bot DNS request for C&C attempt" attacks showing in the IPS summary report, wherein the source address and destination address show only DNS servers: the source address is my company's internal DNS server and the destination is the ISP DNS server.

We would like to find out the botnet-infected clients which this IPS report shows. To help with this, we would like to know from which central URLs Snort is downloading malware domains into its database, so that we can check the common URL against the DNS logs and find the list of infected clients.

I need your valuable help and guidelines on this.

Note: As you know, Astaro firewall is using Snort signatures for IPS functionality.

Rule ID   Rule Name                                           Group    Events
16297     BOTNET-CNC Palevo bot DNS request for C&C attempt   Server   1018

Regards
Babu
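The IPS in the report above sees only the internal DNS server because that server recurses on behalf of its clients, so the original requester has to be recovered from the DNS server's own query log. The following is an added example, not part of the original post or of Snort/Astaro: it matches a query log against a domain watchlist and lists the clients that asked for those names. The BIND-style log format, the watchlist domains and the client addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed BIND-style query log line; adjust the regex to your DNS server's format.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def matches(qname, watch):
    """True if qname equals a watchlist domain or is a subdomain of one."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes so "notbad.example" never matches "bad.example".
    return any(".".join(labels[i:]) in watch for i in range(len(labels)))

def find_clients(log_lines, watchlist):
    """Return {client_ip: {queried_name: count}} for watchlisted lookups."""
    watch = {normalize(d) for d in watchlist}
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and matches(m["qname"], watch):
            hits[m["client"]][normalize(m["qname"])] += 1
    return {client: dict(names) for client, names in hits.items()}

# Constructed watchlist (placeholder domains, not real indicators).
WATCHLIST = ["cnc.example.net", "bad-domain.example"]

# Constructed query log lines from a hypothetical internal resolver 10.20.0.10.
SAMPLE_LOG = [
    "11-Dec-2011 12:40:01.101 queries: info: client 10.20.1.57#49152: query: cnc.example.net IN A + (10.20.0.10)",
    "11-Dec-2011 12:40:02.220 queries: info: client 10.20.1.88#50211: query: www.example.org IN A + (10.20.0.10)",
    "11-Dec-2011 12:41:15.007 queries: info: client 10.20.1.57#49153: query: CNC.Example.NET. IN A + (10.20.0.10)",
    "11-Dec-2011 12:42:30.640 queries: info: client 10.20.3.14#61022: query: a1.bad-domain.example IN A + (10.20.0.10)",
    "11-Dec-2011 12:43:00.000 queries: info: client 10.20.1.88#50212: query: notbad-domain.example IN A + (10.20.0.10)",
]

if __name__ == "__main__":
    for client, names in sorted(find_clients(SAMPLE_LOG, WATCHLIST).items()):
        for qname, count in sorted(names.items()):
            print(f"{client}\t{qname}\t{count}")
```

Query logging must be enabled on the internal DNS server for the period of interest, and the timestamps of matching lines can be lined up with the IPS event times.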