John,
Thanks for the hard work on Botnet. I just installed 0.7, and I'm quite
pleased with the results so far.
Thanks for the BOTNET_SOHO rule. As a "SOHO" with a recalcitrant ISP that
won't give me a reverse lookup, I appreciate the rule very much.
I am getting a warning in my log files howe
Erik Dasque wrote:
Once installed, how do I know it's working?
If you take a message that came from a host with no reverse DNS, bad DNS
(if you're using sendmail, and it said "[may be forged]" in the received
header), or a machine that has any other "botnet like characteristics",
then you c
Once installed, how do I know it's working? Also, what's the Perl
file for ? I only copied the pm & cf files to the sa plugin directory.
Erik
On Dec 21, 2006, at 8:07 AM, John Rudd wrote:
Tim B. wrote:
John Rudd wrote:
Out of curiosity, which release branches of SA are supported with
Tim B. wrote:
John Rudd wrote:
Out of curiosity, which release branches of SA are supported with this
plugin? The 3.1.x & 3.0.x or just the 3.1.x?
I've only tried it on 3.1.7.
John Rudd wrote:
New things:
1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From,
Return-Path, or From, in that order) mail domain (the part after the @
sign) resolves back to the relay's IP address, or has an MX host which
resolves back to the IP address, AND the sender's mail dom
Phil Barnett wrote:
On Monday 18 December 2006 20:16, John Rudd wrote:
New things:
I think that's everything...
Just need another day or two of testing before I release it.
One thing I noticed from the previous version was there was no mention of
version numbers anywhere in the package
On Monday 18 December 2006 20:16, John Rudd wrote:
> New things:
> I think that's everything...
>
>
> Just need another day or two of testing before I release it.
One thing I noticed from the previous version was there was no mention of
version numbers anywhere in the package. Not in the name,