Endpoint Protection


Custom IPS signatures to detect botnet traffic 

Nov 23, 2010 01:31 PM

Attached is a copy of various custom IPS signatures for SEPM to detect botnet activity (Koobface, Zeus, Clampi, etc.).

These are currently in "Allow" mode.

Any comments/suggestions to make the rules better are welcome. Also, please feel free to test and report back to me. I'm currently using these as well in my environment.

And just to note, these rules are set up to work with a proxy using port 8080. If you are not behind a proxy, you can change the port to 80, or if you are behind a proxy, you will need to change the port to match what your proxy uses.

I've also attached a zip file of the IPS format used by SEPM if you want to create custom rules.

Attachment(s)
Custom Signatures - Botnet Activity.zip (zip file, 4 KB, 1 version), uploaded Feb 25, 2020
IPSformat.zip (zip file, 22 KB, 1 version), uploaded Feb 25, 2020

Comments

Jun 07, 2013 06:42 AM

Thanks for Sharing 

Regards

Ajin

Sep 24, 2011 12:25 AM

Thanks Brian for sharing the update

Sep 23, 2011 06:57 AM

I like that

helps really

Jul 12, 2011 02:40 PM

Customized policies always help in getting deeper into some features of the product... thx

Mar 21, 2011 09:31 PM

Thanks Brian, was able to download it and import it into my SEPM. Will try it out and advise further.

Many thanks.
