July 11th, 2002, 05:04 AM
Detecting IRC controled trojans
There's an intersting article I found on securityfocus:
This brings an interstring question: while we push for more encryption, it also makes detection with NIDSs... I guess a solution might be to favor distributed IDSs with central managment/logging. Some vendors are already pushing this but open source world doesn't seem to be catching on to this...
July 13th, 2002, 11:10 PM
ammo, this may be of interest to you, it’s a paper on the analysis of an IRC trojan.
Sorry i don't remember where i got it from!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
July 18th, 2002, 02:18 PM
That paper is online here. It was written as part of Lenny Zeltser's GCIH certification prcess. In other words, it was written for SANS. His homepage is http://www.zeltser.com/ . He has some neat toys and some other really good papers on his site, including one about intrusion detection.
\"Ignorance is bliss....
but only for your enemy\"