Technology research firm SRI International released a free software tool on Monday to help system administrators detect botnet activity within their network.

The program, called BotHunter, monitors the inside of a network to detect the two-way communications flows that are common between computers compromised by bot software and the command-and-control (C&C) server that is used to send commands to each infected machine. The software keeps tabs on the suspicious requests and responses — which SRI International calls dialogs — and compares them with patterns of known bot software, said Phillip Porras, security program director for SRI International.
http://www.securityfocus.com/brief/861