Video Screencast Help

Custom IPS signatures to detect botnet traffic

Created: 23 Nov 2010 • Updated: 01 Dec 2010 | 5 comments
ℬrίαη's picture
+7 7 Votes
Login to vote

Attached is a copy of various custom IPS signatures for SEPM to detect botnet activity (Koobface, Zeus, Clampi, etc)

These are currently in "Allow" mode

Any comments/suggestions to make the rules better are welcome. Also, please feel free to test and report back to me. I'm currently using these as well in my environment.

And just to note, these rules are setup to work with a proxy using port 8080. If you are not behind a proxy, you can change the port to 80 or if you are behind a proxy, you will need to change the port to match what your proxy uses.

I've also attached a zip file of the IPS format used by SEPM if you want to create custom rules.

Comments 5 CommentsJump to latest comment

BSemi's picture

Thanks Brian, was able to download it and import it into my SEPM. Will try it out and advise further.

Many thanks.

Login to vote
MaRRuT@CC's picture

customized policies helps always to getting deeper into some features of the product... thx

Login to vote
abhishek8866's picture

I like that

helps really

Login to vote
Sumit G's picture

Thanks brain to share the update


Sumit G.

Login to vote
AjinBabu's picture

Thanks for Sharing 



Login to vote