Botsniffer tackles back end of hacking

It's the dog's
Monday, 18 February 2008, 10:01

BOFFINS at Georgia Tech have come up with a prototype of a seek and destroy system to eradicate botnets.

The unfortunately named Botsniffer uses anomaly detection tools to spot botnet command and control channels in a LAN.

Since it does not need any knowledge of signatures or server addresses, it can detect and disrupt botnet-infected hosts in any network.

The boffins showed off their Botsniffer at the Internet Society's Network and Distributed System Security Symposium.

They wowed delegates with its ability to pick out command and control traffic using statistical algorithms rather than protocol knowledge: a crowd of infected hosts that receives the same command tends to respond in the same way at roughly the same time, and that coordinated behaviour stands out statistically even when the protocol itself is unknown.

Botsniffer can also be installed as a plug-in for the Open Sauce intrusion detection system Snort. So it will soon be possible to Snort a plugin while sniffing your bot.
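The coordinated-response idea described above, as an added illustration that is not the Georgia Tech code and not the paper's own algorithm (which uses proper statistical tests rather than the fixed thresholds used here): a small Python script over constructed flow records that groups internal hosts by the server they talk to, then checks whether a dense, homogeneous crowd of those hosts starts scanning or sending mail shortly afterwards. The `kind` labels, the thresholds and the sample flows are all assumptions made for the example.

```python
"""Toy group-response check in the spirit of Botsniffer.

Added example, not the paper's code. Hosts that share a server and then react
the same way shortly afterwards are reported as a crowd. Thresholds, the
`kind` labels and the flow records are assumptions made for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since start of capture
    src: str        # internal host
    dst: str        # remote server
    dport: int
    kind: str       # coarse label an IDS might attach: "chat", "http", "scan", "smtp"


# Assumed parameters (not values from the paper).
WINDOW = 60.0                 # seconds after a server contact in which a reaction counts
MIN_CLIENTS = 3               # servers with fewer distinct clients are ignored
SUSPICIOUS = {"scan", "smtp"}  # reactions that suggest bot activity
DENSITY_MIN = 0.5             # fraction of a server's clients that must react
HOMOGENEITY_MIN = 0.8         # fraction of reacting hosts that must react the same way

# Constructed sample traffic.
FLOWS = [
    # six hosts on the same IRC-style channel
    Flow(0, "10.0.0.1", "203.0.113.7", 6667, "chat"),
    Flow(1, "10.0.0.2", "203.0.113.7", 6667, "chat"),
    Flow(2, "10.0.0.3", "203.0.113.7", 6667, "chat"),
    Flow(3, "10.0.0.4", "203.0.113.7", 6667, "chat"),
    Flow(4, "10.0.0.5", "203.0.113.7", 6667, "chat"),
    Flow(5, "10.0.0.6", "203.0.113.7", 6667, "chat"),
    # five of them start sending mail within a minute
    Flow(20, "10.0.0.1", "192.0.2.10", 25, "smtp"),
    Flow(22, "10.0.0.2", "192.0.2.11", 25, "smtp"),
    Flow(25, "10.0.0.3", "192.0.2.12", 25, "smtp"),
    Flow(31, "10.0.0.4", "192.0.2.13", 25, "smtp"),
    Flow(40, "10.0.0.5", "192.0.2.14", 25, "smtp"),
    # the sixth sends mail much later: outside the window, so not counted
    Flow(300, "10.0.0.6", "192.0.2.15", 25, "smtp"),
    # a distributed-computing-shaped group: fetch work, report back, nothing suspicious
    Flow(100, "10.0.0.1", "198.51.100.9", 443, "http"),
    Flow(101, "10.0.0.2", "198.51.100.9", 443, "http"),
    Flow(102, "10.0.0.7", "198.51.100.9", 443, "http"),
    Flow(103, "10.0.0.8", "198.51.100.9", 443, "http"),
    Flow(150, "10.0.0.1", "198.51.100.9", 443, "http"),
    Flow(151, "10.0.0.2", "198.51.100.9", 443, "http"),
    Flow(152, "10.0.0.7", "198.51.100.9", 443, "http"),
    Flow(153, "10.0.0.8", "198.51.100.9", 443, "http"),
    # a lone scanner with no shared server: not a crowd
    Flow(500, "10.0.0.9", "192.0.2.50", 445, "scan"),
]


def _contacts(flows):
    """Map (dst, dport) -> src -> sorted timestamps at which src contacted that server."""
    out = defaultdict(lambda: defaultdict(list))
    for f in flows:
        out[(f.dst, f.dport)][f.src].append(f.ts)
    for clients in out.values():
        for ts in clients.values():
            ts.sort()
    return out


def _reaction_after(contact_times, flow):
    """True if `flow` occurred within WINDOW seconds after one of the contacts."""
    return any(0 < flow.ts - t <= WINDOW for t in contact_times)


def find_crowds(flows):
    """Return {(dst, dport): {"bots": [...], "reaction": kind, "density": x, "homogeneity": y}}
    for every server whose clients form a dense, homogeneous crowd of suspicious reactions."""
    results = {}
    for server, clients in _contacts(flows).items():
        if len(clients) < MIN_CLIENTS:
            continue
        reactions = {}  # src -> Counter of suspicious kinds seen shortly after a contact
        for f in flows:
            if f.kind in SUSPICIOUS and f.src in clients and _reaction_after(clients[f.src], f):
                reactions.setdefault(f.src, Counter())[f.kind] += 1
        if not reactions:
            continue
        density = len(reactions) / len(clients)
        # each reacting host votes for its dominant reaction; the crowd is the top vote
        votes = Counter(c.most_common(1)[0][0] for c in reactions.values())
        kind, n = votes.most_common(1)[0]
        homogeneity = n / len(reactions)
        if density >= DENSITY_MIN and homogeneity >= HOMOGENEITY_MIN:
            results[server] = {
                "bots": sorted(reactions),
                "reaction": kind,
                "density": round(density, 2),
                "homogeneity": round(homogeneity, 2),
            }
    return results


if __name__ == "__main__":
    for server, info in find_crowds(FLOWS).items():
        print(f"candidate C&C {server[0]}:{server[1]} -> {info}")
```

On the constructed sample only the IRC-style server is reported, with five of its six clients as the crowd; the host that sends mail five minutes later falls outside the window. The group that shares 198.51.100.9 is never flagged because reporting results back to the same server is not itself in the suspicious-reaction set, which is also where the false-positive question for a real deployment lives: the result depends entirely on which reaction classes are counted as bot-like.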

More here. µ

Comments
Are Distributed Computing projects botnets?

The way they described the detection process, a Distributed Computing project could cause a false positive.

They do exactly what the creators of BotSniffer say they detect. Give out stylized output, and then the various computers report back to the same central computer.

posted by: Jason Goatcher, 19 February 2008
So that's it, then?

That's the end of SETI, then, isn't it?
Personally, I think the exchange is acceptable. One good application goes down, and hundreds of thousands of infected computers get silenced, and millions of millions of spam do not get sent.
Can somebody give these guys a Nobel?

posted by: Pascal Monett, 20 February 2008