Squid+Privoxy or Snort?
Bart Silverstrim
bsilver at chrononomicon.com
Fri Nov 12 14:38:19 GMT 2004
On Nov 12, 2004, at 8:37 AM, Cristian Salan wrote:
> Hello,
>
> I'm trying to investigate some potential solutions to escape from
> different Microsoft-specific malware (like gator's software).
> The two mentioned in the subject were found after some Google searching.
> Wonder what you guys are using for this sort of problem.
> Thanks.

Squid can be used if you redirect all web traffic through the Squid
proxy; we have used Squid with SquidGuard to block access to some
gator-esque sites. If they get infected, they at least can't phone
home and we can see what IPs are trying to phone home so we can clean
them up if it's a problem.

Unless the malware is spraying traffic over a broadcast or scanning
your subnets, I'm not sure if Snort would really help that much, since
most gator-like stuff tends to be targeted in what it contacts (browse
to website, junk installed, phones home data...)

-Bart
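
The reply above mentions using the proxy to see which IPs are trying to phone home. As an added example (not part of the original message), this sketch tallies internal clients that requested blocklisted hosts from a Squid access log; it assumes Squid's native access.log layout, and the blocklist, addresses and log lines are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed placeholder blocklist; in practice, the same domains SquidGuard blocks.
BLOCKED_DOMAINS = {"adware-tracker.example", "popups.example"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1100270299.120     45 10.0.0.23 TCP_MISS/302 412 GET http://updates.adware-tracker.example/checkin?id=1 - NONE/- text/html
1100270301.544    210 10.0.0.40 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1100270359.871     38 10.0.0.23 TCP_MISS/302 412 GET http://updates.adware-tracker.example/checkin?id=2 - NONE/- text/html
1100270402.003     12 10.0.0.57 TCP_MISS/302 0 CONNECT popups.example:443 - NONE/- -
truncated line
"""

def host_of(method, url):
    """Return the lower-cased host a request was aimed at, or None if unparsable."""
    if method == "CONNECT":              # CONNECT logs "host:port", not a URL
        return url.rsplit(":", 1)[0].lower() or None
    try:
        host = urlsplit(url).hostname
    except ValueError:                   # e.g. malformed bracketed IPv6 literal
        return None
    return host.lower() if host else None

def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host equals a blocked domain or is a subdomain of one."""
    labels = host.rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def phone_home_clients(lines, blocked=BLOCKED_DOMAINS):
    """Map client IP -> {blocked host: request count}, matching on requested host."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue                     # skip truncated or malformed lines
        client, method, url = fields[2], fields[5], fields[6]
        host = host_of(method, url)
        if host and is_blocked(host, blocked):
            hits[client][host] += 1
    return {client: dict(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in sorted(phone_home_clients(SAMPLE_LOG.splitlines()).items()):
        print(client, hosts)
```

Matching is done on the requested host rather than the result code, so it does not depend on how the redirector's block response is logged.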
More information about the freebsd-questions
mailing list