How to detect storm infections on your network

You will get enormous spikes of traffic just after infection and sometimes after and this can even be as HTTP traffic (website traffic) or if you have blocked IRC traffic you will see a huge quantity of connections (dropped). If you didn't drop IRC yet on your firewall, you should. There is no business reason to keep it open and this way you block most of the botnetcontrol traffic and furthermore if you block it you can have an idea who is infected by the drops you have at your firewall.

There are some good freeware/shareware products that you can install on your switch to monitor traffic and there are nowadays very cheap big screens that you can put on your computer to have a monitoring screen.

13:42 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.