In terms of hardware specification, my botnet detection system is nothing to brag about. It is a small VPS with a mere 256 MB of RAM and 6 GB of storage. Its limited CPU power is not an obstacle, because the passive detection I employ is not CPU bound.
Its software is equally modest. My botnet detection strategy is to follow the spam upstream, so I simply installed an SMTP server I am familiar with on a plain vanilla Debian 5 system. The maximum number of concurrent SMTP connections was originally set to 90 and has since been raised to 180. Under real-world conditions I have watched the system handle 150+ simultaneous incoming SMTP connections with ease.
Next time, I'll write about how to uncover botnet computers.
Hi,
Looks interesting.
Can you give more explanation about your botnet detection system?