SEC504: Hacker Tools, Techniques, and Incident Handling

It is very common for active malware to call home, either to fetch updates and instructions or to send back stolen information. In an internal network where web access to the Internet must go through a proxy, traffic that does not pass through the proxy is by default dropped by the gateway firewall; that dropped traffic can be valuable for detecting malware call-home activity. This paper describes an approach to detecting such activity by redirecting the otherwise dropped traffic to a sinkhole server in a proxy environment.
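As an added example (not code from the paper or its author), the following Python script triages connection records that such a sinkhole would collect: every record is, by construction, traffic that bypassed the proxy, and repeated attempts from one host to one destination at a near-constant interval are flagged as call-home beacons. The log format, the sample records and the `PROXY_EXEMPT` list are assumptions constructed for the example.

```python
"""Triage sinkhole connection records from a proxy-only network: anything that
reaches the sinkhole bypassed the proxy, and periodic repeats from one host to
one destination look like call-home beacons. Log format is an assumption."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: "epoch src_ip dst_ip dst_port host_header"
SINKHOLE_LOG = """\
1700000000 10.1.5.23 203.0.113.10 80 update.example.net
1700000060 10.1.5.23 203.0.113.10 80 update.example.net
1700000120 10.1.5.23 203.0.113.10 80 update.example.net
1700000180 10.1.5.23 203.0.113.10 80 update.example.net
1700000005 10.1.7.9 198.51.100.4 443 -
1700003600 10.1.7.9 198.51.100.4 443 -
1700000011 10.1.9.40 192.0.2.77 8080 www.example.org
1700000030 10.1.0.5 198.51.100.9 25 -
"""
# Hosts permitted to egress without the proxy (assumed: a mail relay)
PROXY_EXEMPT = {"10.1.0.5"}

def parse_log(text):
    """Yield (epoch, src, dst, port, host) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, host = line.split()
            yield int(ts), src, dst, int(port), host

def triage(records, exempt=PROXY_EXEMPT, min_hits=3, max_jitter=5.0):
    """Return one finding per (src, dst, port, host) with a verdict:
    'beacon' when >= min_hits attempts arrive at a near-constant interval
    (jitter <= max_jitter seconds), otherwise 'proxy-bypass'."""
    groups = defaultdict(list)
    for ts, src, dst, port, host in records:
        if src not in exempt:          # exempt hosts are expected here
            groups[(src, dst, port, host)].append(ts)
    findings = []
    for key, stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        periodic = len(stamps) >= min_hits and pstdev(gaps) <= max_jitter
        findings.append({"src": key[0], "dst": key[1], "port": key[2],
                         "host": key[3], "hits": len(stamps),
                         "mean_gap": mean(gaps) if gaps else 0.0,
                         "verdict": "beacon" if periodic else "proxy-bypass"})
    return findings

if __name__ == "__main__":
    for f in triage(parse_log(SINKHOLE_LOG)):
        print(f"{f['verdict']:12} {f['src']} -> {f['dst']}:{f['port']} "
              f"({f['host']}) hits={f['hits']} gap={f['mean_gap']:.0f}s")
```

Even a single proxy-bypass hit is worth a look, since a correctly configured client in this environment should never reach the sinkhole at all.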