Uechi-Ryu.com


All times are UTC




 Post subject: Rootkits
Posted: Thu Nov 10, 2005 4:35 pm

Joined: Fri Nov 04, 2005 4:54 pm
Posts: 1205
Read Please, and then act:
http://www.networkworld.com/news/2005/1 ... 05-botnets

Caught one on my proxy this morning.

If you do not wish to install F-Secure's Beta BlackLight,

Get this:

It is free, works wonders, and is not CPU intensive.
I would never do an Intranet VPN client provision without it.
Great for home network use as well.

http://www.zonelabs.com/store/content/c ... edownloads

_________________
There's a bit of Metablade in all of us.


 
 Post subject: Thanks...
Posted: Thu Nov 10, 2005 5:52 pm
Site Admin

Joined: Wed Sep 16, 1998 6:01 am
Posts: 6020
Location: Mount Dora, Florida
I've been using ZoneAlarm (the free version) and Avast with excellent results for about three years.

The problem with any firewall program is that something can sneak through by posing as something you currently use. How did you catch that worm? What warning did ZoneAlarm give you?

_________________
GEM
"Do or do not. there is no try!"


 
 Post subject:
Posted: Fri Nov 11, 2005 3:26 pm

Joined: Fri Nov 04, 2005 4:54 pm
Posts: 1205
You are spot on.
Often getting "in" is easy depending on if the sysadmin is paying attention :oops:, but some tools to help you are employing Dynamic NAT (Network Address Translation)
http://computer.howstuffworks.com/nat.htm
and a proxy in front.
My issue was that I sometimes use a proxy for a security testing environment, and sometimes new betaware can contain malware.
In this case, ZoneAlarm did not prevent my download (which it's not really designed to do), but when the malware attempted to phone home, ZoneAlarm caught it.
However, there are many malware rootkits which are very good at hiding.
Most important is to block any IRC ports.
In fact, it's a good idea to disable ALL ports except the ones specifically being used.

_________________
There's a bit of Metablade in all of us.
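
The outbound filtering discussed in this thread (catching a "phone home" attempt, blocking IRC ports, and allowing only the ports actually in use), shown as an added example that is not part of the original posts. The log format, program names, addresses and allowlist are constructed for illustration and are not ZoneAlarm's own format.

```python
# Added example: audit outbound connections against a default-deny allowlist.
# Log format, programs, addresses and policy below are constructed, not real data.
from collections import namedtuple

Conn = namedtuple("Conn", "time program dst_ip dst_port proto")

# Ports commonly used by IRC: 194 (IANA), 6660-6669 and 7000, 6697 (IRC over TLS).
IRC_PORTS = {194, 6697, 7000} | set(range(6660, 6670))

# Hypothetical policy: only these (program, protocol, port) tuples may leave the host.
ALLOWED = {
    ("firefox.exe", "tcp", 80),
    ("firefox.exe", "tcp", 443),
    ("svchost.exe", "udp", 53),
}

# Constructed sample log: time, program, destination IP, destination port, protocol.
SAMPLE_LOG = """\
2005-11-10T09:12:01 firefox.exe 192.0.2.10 443 tcp
2005-11-10T09:12:05 svchost.exe 192.0.2.53 53 udp
2005-11-10T09:14:40 betatool.exe 198.51.100.7 6667 tcp
2005-11-10T09:15:02 firefox.exe 203.0.113.9 6697 tcp
2005-11-10T09:16:30 updater.exe 192.0.2.80 80 tcp
"""

def parse(log):
    """Yield Conn records, skipping lines that do not have the expected fields."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        t, prog, ip, port, proto = parts
        yield Conn(t, prog.lower(), ip, int(port), proto.lower())

def audit(log, allowed=ALLOWED):
    """Return (verdict, Conn) pairs; verdict is 'allow', 'deny' or 'deny-irc'."""
    results = []
    for c in parse(log):
        if c.dst_port in IRC_PORTS:
            verdict = "deny-irc"   # flagged even when the program is otherwise trusted
        elif (c.program, c.proto, c.dst_port) in allowed:
            verdict = "allow"
        else:
            verdict = "deny"       # default deny: anything not explicitly allowed
        results.append((verdict, c))
    return results

if __name__ == "__main__":
    for verdict, c in audit(SAMPLE_LOG):
        print(f"{verdict:8} {c.program:14} -> {c.dst_ip}:{c.dst_port}/{c.proto}")
```

The IRC check runs before the allowlist lookup, so a trusted program name does not exempt a connection to an IRC port, which matches the point above about something posing as a program you already use.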

