[Emerging-Sigs] Botnet Sniffer - C&C detection
Jart Armin
jart351 at googlemail.com
Mon Feb 18 07:03:15 EST 2008
Good paper attached re: C&C botnet detection from Georgia Institute
of Technology, can also be used for straightforward botnet detection.
Seems pretty reliable, so far.
A little out of date due to being IRC based, but they are working on P2P C&C
detection.
A fairly academic read, worth persevering with for those interested in this
stuff, but maybe some good math for rule sets?
Jart
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Gu_NDSS08_botSniffer.pdf
Type: application/pdf
Size: 347270 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20080218/5d3ed35d/Gu_NDSS08_botSniffer-0001.pdf