[mdlug] It's about time.
Jeff Hanson
jhansonxi at gmail.com
Sat Oct 10 14:02:41 EDT 2009
On Sat, Oct 10, 2009 at 12:35 PM, Joseph C. Bender
<jcbender at bendorius.com> wrote:
>
> Nope. Assuming a good IDS or IDP, botnet traffic sticks out like a
> sore thumb. SSH traffic looks like, well, SSH traffic.
>
> There's also a pattern of traffic. Most ISP customers aren't in the
> habit of connecting to random hosts in Brazil, China, Russia or
> Bulgaria. Even if the traffic was destined to port 22 and "looked" like
> SSH, chances are the end-user doesn't have shell accounts over there.
>
I wonder how it will treat anonymous P-P traffic like Freenet and Tor.
More information about the mdlug
mailing list