-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jan 08, 2007 at 01:13:01PM -0600, Russell L. Harris wrote: > Yesterday I read another article bemoaning the large number of Window$ > machines which have been commandeered remotely and turned into > spam-spewing zombies. > > If I understand the matter correctly, a firewall can protect only > against incoming messages, and is useless against spyware which > "phones home" or zombie-ware which spews email spam. Hi R, iptables can filter both incomming and outgoing packets. Although most folks focus on the outgoing one. > > So, before I preach about the dangers of spyware and zombies to my > buddies using Window$, how can I be certain that my own Debian machine > has not been compromised and has not become a zombie? Is there a > simple test which I can run on a weekly basis? there are 'root kit' that can look for them on your machine. Another way is packages that check for 'new' files like aide. If a machine is 'rooted', the kit replaces tools like 'ps', 'ls', top', etc. so that you can not easily know there is a problem and may setup someone thing like an irc server or ssh on an odd port. > > My LAN is protected by a machine running SmoothWall Express 2.0, > acting as a firewall and router. Would an internal firewall package be > useful in this environment? Many folks like that one. I use shorewall. You can always block outgoing ports that you dont use. If you dont run an ftp server, block port 20 and 21, etc. Kev - -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: subkeys.pgp.net | my NPO: cfsg.org | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFoqDJv8UcC1qRZVMRAk83AJ9LuItRB3PMHmN/arWmndTUY37Z3gCeNyGE 47I0i54y6etfZz6aM8cBCts= =Lj0O -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]