FW: Spyware & AD Ware

Mark Picone wts666 at iprimus.com.au
Mon Jul 19 21:39:31 PDT 2004


You can stop spy/adware on your firewall at the protocol level with snort
(from the ports) if you are willing to write some custom rules or google for
them.

There are some great examples of this in a snort add-on, a collection of
"bleeding edge" rules that can be found at
http://www.bleedingsnort.com/bleeding.rules

They would look something like what is shown below, which is an actual rule
used to stop Yesadvertising Banking Spyware.



alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2; )


-----Original Message-----
From: owner-freebsd-isp at freebsd.org [mailto:owner-freebsd-isp at freebsd.org]
On Behalf Of JJB
Sent: Tuesday, 20 July 2004 3:11 AM
To: spidey at act.co.za; freebsd-isp at freebsd.org
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems.
These have no effect on unix based systems.
www.download.com  has the most popular free downloads for removing
these.


-----Original Message-----
From: owner-freebsd-isp at freebsd.org
[mailto:owner-freebsd-isp at freebsd.org]On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp at freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware from entering my network through a
FreeBSD FW, or can I stop it on the Cisco?

Spidey




_______________________________________________
freebsd-isp at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to
"freebsd-isp-unsubscribe at freebsd.org"
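
The two rules from the first message, exercised offline: this is an added example, not part of the original thread or of the Bleeding Snort rule set, that parses each rule's `uricontent`/`nocase` options and checks them against constructed request lines. The log line format, the client addresses and the plain substring matching (Snort itself matches `uricontent` against the normalized URI) are assumptions.

```python
# Added example: the two rules from the message, one per line as Snort expects.
RULES = [
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)',
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2; )',
]

# Constructed sample requests, "<client> <method> <uri>" (documentation-range addresses).
SAMPLE = [
    "192.0.2.10 GET /index.html",
    "192.0.2.11 GET /images/IMG1BIG.GIF",
    "192.0.2.12 POST /cgi-bin/yes.pl?id=1",
    "192.0.2.13 GET /cgi-bin/yes.php",
]


def parse_rule(rule):
    """Pull msg, sid and the uricontent patterns out of one rule's option block."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    parsed = {"msg": None, "sid": None, "uricontent": []}
    # Naive split on ';' is enough here: neither rule has an escaped ';' in a string.
    for opt in (o.strip() for o in body.split(";")):
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "msg":
            parsed["msg"] = val
        elif key == "sid":
            parsed["sid"] = int(val)
        elif key == "uricontent":
            parsed["uricontent"].append([val, False])
        elif key == "nocase" and parsed["uricontent"]:
            parsed["uricontent"][-1][1] = True  # nocase modifies the preceding pattern
    return parsed


def match(parsed, uri):
    """True when every uricontent pattern of the rule occurs in the URI."""
    for pattern, nocase in parsed["uricontent"]:
        hay, needle = (uri.lower(), pattern.lower()) if nocase else (uri, pattern)
        if needle not in hay:
            return False
    return bool(parsed["uricontent"])


def scan(lines):
    """Return (client, sid) for every request line that a rule would alert on."""
    rules = [parse_rule(r) for r in RULES]
    hits = []
    for line in lines:
        client, _method, uri = line.split(" ", 2)
        hits.extend((client, r["sid"]) for r in rules if match(r, uri))
    return hits
```

As written these are `alert` rules, so Snort logs the match; dropping the traffic needs Snort running inline or a separate blocking step.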
