See FireGen for Pix: http://www.eventid.net/firegen/firegenpix2.asp

Sample report: http://www.eventid.net/firegen/mildco01-2004-03-12-165112-ondemand.html - the report gives you much more than simple detection of common Internet worms and other forms of malware.

A new feature, still under development but hopefully ready by the end of the month, is the ability to analyze the activity of a single IP address. See http://www.eventid.net/firegen/ipforensics_report.asp - any comments from loganalysis.org are appreciated.

Regards,

Adrian Grigorof
Altair Technologies
www.altairtech.ca
www.eventid.net

----- Original Message -----
From: Greg Dotoli
To: loganalysis@private
Sent: Monday, June 07, 2004 9:04 AM
Subject: [logs] Syslog

Does anyone know of a script that will check the syslog for any external connections on known malware ports? This will help to identify internal hosts that may be infected with certain viruses or malware. We have a Cisco PIX sending its info to a Linux syslog. I have a list of known malware ports and can run a for loop against each line in the syslog file.

Is there a good site that keeps track of known malware ports for download? Please send me any resources you may know of regarding identification of malware via syslog searching.

Gregg Dotoli
NADAP
(W) (212)-986-1170 ext. 136
(C) (973)-896-0452

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
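A minimal version of the script Greg asks for, written here as an added example (it is not FireGen and not code from either poster): it parses PIX connection-build syslog lines, keeps outbound connections whose remote port is on a watch list, and ranks the internal hosts behind them for triage. The message layout and the ports in the watch list are assumptions; check the layout against your own PIX version and substitute the port list you maintain.

```python
import re
from collections import Counter

# Placeholder watch list for illustration only; substitute the port list you maintain.
SUSPECT_PORTS = {4444, 6667, 31337}

# Assumed shape of PIX 6.x connection-build messages (302013 TCP, 302015 UDP); verify it
# against your PIX version. Each endpoint reads "<interface>:<ip>/<port> (<nat-ip>/<port>)".
BUILT_RE = re.compile(
    r"%PIX-\d-30201[35]: Built (?P<direction>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([\d.]+/\d+\) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+)"
)

def parse_built(line):
    """Split a connection-build line into local and remote endpoints; None if it is not one."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    # The endpoint on the "outside" interface is the remote peer, whichever side it is on.
    if d["if1"] == "outside":
        r, l = "1", "2"
    elif d["if2"] == "outside":
        r, l = "2", "1"
    else:
        return None  # traffic between internal interfaces never crosses the perimeter
    return {"direction": d["direction"], "proto": d["proto"], "local_ip": d["ip" + l],
            "remote_ip": d["ip" + r], "remote_port": d["port" + r]}

def find_suspect_connections(lines, ports=SUSPECT_PORTS):
    """Outbound connections whose remote port is on the watch list."""
    conns = (parse_built(line) for line in lines)
    return [c for c in conns if c and c["direction"] == "outbound" and int(c["remote_port"]) in ports]

def hosts_by_hit_count(hits):
    """Rank internal hosts by suspect-connection count: the list to triage first."""
    return Counter(h["local_ip"] for h in hits)

# Constructed sample syslog lines, not captured from a real device.
SAMPLE = """\
Jun  7 09:01:02 pix %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/6667 (198.51.100.7/6667) to inside:10.1.1.5/1100 (203.0.113.2/1100)
Jun  7 09:01:03 pix %PIX-6-302013: Built outbound TCP connection 102 for outside:198.51.100.9/80 (198.51.100.9/80) to inside:10.1.1.6/1101 (203.0.113.2/1101)
Jun  7 09:01:04 pix %PIX-6-302015: Built outbound UDP connection 103 for outside:198.51.100.7/31337 (198.51.100.7/31337) to inside:10.1.1.5/1102 (203.0.113.2/1102)
Jun  7 09:01:05 pix %PIX-6-302013: Built inbound TCP connection 104 for outside:198.51.100.3/4444 (198.51.100.3/4444) to inside:10.1.1.7/25 (203.0.113.3/25)
Jun  7 09:01:06 pix %PIX-4-106023: Deny tcp src outside:198.51.100.4/3000 dst inside:10.1.1.8/4444 by access-group "outside_in"
""".splitlines()

if __name__ == "__main__":
    for ip, n in hosts_by_hit_count(find_suspect_connections(SAMPLE)).most_common():
        print(f"{ip}\t{n} suspect outbound connection(s)")
```

Run it over a real file with `find_suspect_connections(open("/var/log/pix.log"))`; a port match is a lead, not proof of infection, so confirm with the host before acting.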
This archive was generated by hypermail 2b30 : Tue Jun 08 2004 - 11:32:57 PDT