
Tuesday, October 27, 2009

My Botnet Detection System

In terms of hardware specification, my botnet detection system is nothing to brag about. It is a small VPS with a mere 256MB of RAM and 6GB of storage space. Its limited CPU power proves not to be an obstacle, as the passive detection I employ is not CPU bound.

Its software is equally modest. My botnet detection strategy is to follow the spam upstream, so I just installed an SMTP server I am familiar with on top of a plain vanilla Debian 5 OS. Originally the maximum number of concurrent SMTP connections was set to 90, but it has since been raised to 180. Under real-world conditions, I have witnessed the system handling 150+ incoming SMTP connections at the same time with ease.
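To make the passive side of this concrete, here is an added example (not the author's code; the post does not name the SMTP server or show its log format) that does the bookkeeping such a sink needs: it reads connect/disconnect events from a connection log, computes the peak number of simultaneous inbound SMTP sessions so you can see how close you are to the configured connection cap, and counts how often each source address connected. The log format and the sample lines are constructed for the example.

```python
"""Passive accounting over an inbound-SMTP connection log.

Added example for this post, not the author's code. The log format
(timestamp, event, client IP) is a constructed one, because the post
does not name the SMTP server or show its logs.
"""
from collections import Counter
from datetime import datetime

# Constructed sample log lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
2009-10-27T10:00:00 connect 198.51.100.7
2009-10-27T10:00:01 connect 203.0.113.45
2009-10-27T10:00:02 connect 198.51.100.7
2009-10-27T10:00:03 disconnect 203.0.113.45
2009-10-27T10:00:04 connect 192.0.2.9
2009-10-27T10:00:05 disconnect 198.51.100.7
2009-10-27T10:00:06 connect 203.0.113.45
2009-10-27T10:00:07 disconnect 198.51.100.7
2009-10-27T10:00:08 disconnect 192.0.2.9
2009-10-27T10:00:09 disconnect 203.0.113.45
"""


def parse_events(text):
    """Turn log text into a time-ordered list of (timestamp, kind, ip)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("connect", "disconnect"):
            continue  # skip lines that are not connection events
        ts, kind, ip = parts
        events.append((datetime.fromisoformat(ts), kind, ip))
    events.sort(key=lambda e: e[0])
    return events


def peak_concurrency(events):
    """Highest number of sessions open at the same moment."""
    current = peak = 0
    for _, kind, _ in events:
        if kind == "connect":
            current += 1
            peak = max(peak, current)
        else:
            current = max(0, current - 1)  # tolerate a missing connect line
    return peak


def connections_per_source(events):
    """How many sessions each client address opened."""
    return Counter(ip for _, kind, ip in events if kind == "connect")


def top_sources(events, n=10):
    """The n most frequently connecting addresses, busiest first."""
    return connections_per_source(events).most_common(n)


def near_limit(events, limit):
    """True if the observed peak reaches the server's connection cap."""
    return peak_concurrency(events) >= limit


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("peak concurrent sessions:", peak_concurrency(evs))
    print("at cap of 180:", near_limit(evs, 180))
    for ip, count in top_sources(evs, 3):
        print(f"{ip:16} {count} sessions")
```

On a real sink you would feed it the server's own connection log instead of SAMPLE_LOG; the peak figure is what tells you whether the 90 or 180 limit the post mentions is being hit, and the per-source counts are the starting point for following the spam upstream.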

Next time, I'll write about how to uncover botnet computers.

1 comment:

  1. Hi,
    Looks interesting.
    Can you give more explanation about your botnet detection system?
