Monday, February 18, 2008

Botsniffer - The New Tool Against BotNets

Via The Inquirer -

BOFFINS at Georgia Tech have come up with a prototype of a seek-and-destroy system to eradicate botnets.

The unfortunately named Botsniffer uses anomaly detection tools to spot botnet command and control channels in a LAN.

Since it does not need any knowledge of signatures or server addresses, it can detect and disrupt botnet-infected hosts in any network.

The boffins showed off their botsniffer to the Internet Society's Network and Distributed System Security Symposium.

They wowed delegates with its ability to capture network command and control protocols using statistical algorithms.

Botsniffer can also be installed as a plug-in for the Open Sauce intrusion/detection system. So it will soon be possible to Snort a plugin while sniffing your bot.

More here.
