On Nov 12, 2004, at 8:37 AM, Cristian Salan wrote:
> Hello,
> I'm trying to investigate some potential solutions to escape from different Microsoft-specific malware (like Gator's software). The two mentioned in the subject were found after some Google searching. I wonder what you guys are using for this sort of problem. Thanks.

Squid can be used if you redirect all web traffic through the Squid proxy; we have used Squid with SquidGuard to block access to some Gator-esque sites. If they get infected, they at least can't phone home, and we can see what IPs are trying to phone home so we can clean them up if it's a problem.

Unless the malware is spraying traffic over a broadcast or scanning your subnets, I'm not sure if Snort would really help that much, since most Gator-like stuff tends to be targeted in what it contacts (browse to website, junk installed, phones home data...)

-Bart
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
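
The reply above mentions using the proxy to see which internal IPs are trying to phone home. The following is an added example, not part of the original post: it tallies clients per blocked destination from Squid's native `access.log` layout. The blocklist, the log lines and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed blocklist (assumption); in practice load the SquidGuard domain list.
BLOCKED_DOMAINS = {"tracker.example", "ads.example"}

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
# Result codes are illustrative; the tally does not depend on them.
SAMPLE_LOG = """\
1100277420.101 120 192.168.1.23 TCP_MISS/200 1532 GET http://www.freebsd.org/ - DIRECT/192.0.2.10 text/html
1100277421.250 3 192.168.1.40 TCP_MISS/302 310 GET http://update.tracker.example/checkin?id=1 - NONE/- text/html
1100277481.250 2 192.168.1.40 TCP_MISS/302 310 GET http://update.tracker.example/checkin?id=2 - NONE/- text/html
1100277490.007 1 192.168.1.57 TCP_DENIED/403 310 CONNECT ads.example:443 - NONE/- -
1100277495.300 95 192.168.1.23 TCP_MISS/200 800 GET http://notads.example/ - DIRECT/192.0.2.11 text/html
truncated line
"""


def host_of(method, url):
    """Return the lowercase destination host of a logged request."""
    if method == "CONNECT":  # logged as host:port, not as a URL
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def is_blocked(host, blocked):
    """True if host equals a blocked domain or is a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def phone_home_clients(log_text, blocked=BLOCKED_DOMAINS):
    """Map client IP -> {blocked host: request count}."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:  # skip truncated or malformed lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        host = host_of(method, url)
        if host and is_blocked(host, blocked):
            hits[client][host] += 1
    return {client: dict(counts) for client, counts in hits.items()}


if __name__ == "__main__":
    for client, hosts in sorted(phone_home_clients(SAMPLE_LOG).items()):
        print(client, hosts)
```

Matching is done on whole domain labels, so `notads.example` is not counted as a hit for `ads.example`.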