Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV Are Not...

Discussion in 'other security issues & news' started by Technodrome, Jul 23, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Very good and useful reading....

    Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough


    http://online.securityfocus.com/infocus/1605


    Technodrome
     
  2. snowman

    snowman Guest

    Techno

    much enjoyed the reading..thanks.

    snowman
     
  3. Technodrome

    Technodrome Security Expert

    My pleasure snowman ;)


    Technodrome
     
  4. snowy

    snowy Guest

    TECH

    I've been giving this issue some thought..(however feeble that may be).........and I just can see the average user of a home computer doing the things needed to monitor this particular type of exploit.....or even having the knowledge to properly do so.......how many even have an idea of what a sniffer is much less how to use one.......and the bottom line is that it's the home computer that gets infected and used by the zombie/bot......
    so....in your expert opinion...is there a way...to your knowledge....of shutting down outbound traffic on known zombie ports o_O that the average inexperienced user could use.
    .....I am not so sure a rule based firewall would do the trick.....but it's been a long while since I've used one...and many have improved. and there is the application firewall...and that just won't do it for this exploit.......your thoughts would be appreciated........
    there are msdos programs that shut down ports completely.....would that be in order here?? again..something simple..since many newbies don't even use firewalls until they learn of them.
     
  5. Technodrome

    Technodrome Security Expert

    The best and the simplest way to close outbound traffic on known zombie ports is a firewall. Block all ports that you don't use. It helps! Gotta use it!

    Utilities such as Zombie Zapper could be handy as well! This tool tells a zombie system flooding packets to stop flooding.

    I'd use some Encryption Security program just to make sure!

    Why not use firewalls?

    Linux has the command that's shutting down all open ports, but I don't know if this command exists in Windows.

    Technodrome
     
  6. snowy

    snowy Guest

    TECH

    thank you for giving of your time to reply..most appreciated as always.
    perhaps what still amazes me is that there are still so many people who don't use firewalls....many don't even know what a firewall does or is.....I know people who believe ONLY big companies need firewalls.....whew!
    again thanks....always find your replies most informative....and helpful.

    snowman
     
  7. Technodrome

    Technodrome Security Expert

    I agree with you snowman!

    A large number of people don't even use an Anti-Virus tool... :rolleyes:

    But hey, at least they know how to use Kazaa... ;)


    Technodrome
     
  8. snowy

    snowy Guest

    LOL now that's rich...I lorv that comment LOL


    TECH you made my day......LOL
     