
scan all IP traffic for viruses and alike?
Hi all,

recently I got an ad for a new zyxel blackbox firewall, which can scan all
incoming traffic for virus, DoS attacks, trojans etc. signatures. It
updates itself from some kind of master server and so forth...

I am aware of virus scanners for MTAs and IDSes for Linux machines, but are
there any tools to install with the same features as listed above -- say,
scanning ALL traffic for such signatures, but not only in email traffic?

What are your experiences? TIA!
Greetings, Matthias

--
Homer: You know what?

Grampa: What?

Homer: We're both screw-ups.

Grampa vs. Sexual Inadequacy

--
gentoo-user@gentoo.org mailing list
Re: scan all IP traffic for viruses and alike?
On 11 Oct 2004, at 09:26, Matthias F. Brandstetter wrote:
> recently I got an ad for a new zyxel blackbox firewall, which can scan all
> incoming traffic for virus, DoS attacks, trojans etc. signatures. It
> updates itself from some kind of master server and so forth...

Probably snake oil. But I digress.

> I am aware of virus scanners for MTAs and IDSes for Linux machines, but are
> there any tools to install with the same features as listed above -- say,
> scanning ALL traffic for such signatures, but not only in email traffic?

No point! The only reason virus scanners exist for Linux at all is so that
you can protect downstream machines - e.g. a Windows machine checking mail
via POP/IMAP, or using a Samba share.

If you *really* want to do something like this, investigate Snort. (Google
knows all.) But be aware that, unless you're running a very important
system, this is probably useless - you'll pick up a lot of automated scans,
for example.
Re: scan all IP traffic for viruses and alike?
On Mon, 11 Oct 2004, Matthias F. Brandstetter wrote:

> recently I got an ad for a new zyxel blackbox firewall, which can scan all
> incoming traffic for virus, DoS attacks, trojans etc. signatures. It
> updates itself from some kind of master server and so forth...
>
> I am aware of virus scanners for MTAs and IDSes for Linux machines, but are
> there any tools to install with the same features as listed above -- say,
> scanning ALL traffic for such signatures, but not only in email traffic?

Google for "snort"


--
feature shock n.

[from Alvin Toffler's book title
"Future Shock"] A user's (or programmer's!) confusion when
confronted with a package that has too many features and poor
introductory material.


Re: scan all IP traffic for viruses and alike?
> > I am aware of virus scanners for MTAs and IDSes for Linux machines, but are
> > there any tools to install with the same features as listed above -- say,
> > scanning ALL traffic for such signatures, but not only in email traffic?
>
> Google for "snort"

...or for prelude-nids...

Re: scan all IP traffic for viruses and alike?
On Wed, 13 Oct 2004, James Hiscock wrote:

> > Google for "snort"
>
> ...or for prelude-nids...

Why does Gentoo specifically favor Prelude over Snort?
What are the pros and cons?


--
winner

1. n. An unexpectedly good situation, program,
programmer, or person. 2. `real winner': Often sarcastic, but
also used as high praise (see also the note under user).
"He's a real winner -- never reports a bug till he can duplicate
it and send in an example."


Re: scan all IP traffic for viruses and alike?
On Wed, 2004-10-13 at 12:42 -0400, Ajai Khattri wrote:
> On Wed, 13 Oct 2004, James Hiscock wrote:
>
> > > Google for "snort"
> >
> > ...or for prelude-nids...
>
> Why does Gentoo specifically favor Prelude over Snort?
> What are the pros and cons?
>
>
Hi,
Can't say one favors over the other, but you can run both ;).
Generally speaking prelude could use snort as a sensor, beside its own.
Using prelude-manager with prelude-nids, prelude-lml and snort as
sensors. It rocks for me.
HTH
--
Rumen Yotov <rumen_yotov@dir.bg>
Re: scan all IP traffic for viruses and alike?
> > What are the pros and cons?
> Generally speaking prelude could use snort as a sensor, beside its own.

And with piwi, the reporting is much easier to understand. Fewer
cryptic logs, and some nice graphs are always good. ;)

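Two points in the thread go together: a NIDS like Snort will "pick up a lot of automated scans", and a reporting layer (piwi on top of Prelude) is what makes the alert stream readable. The script below is an added example, not code from any poster or from the Snort or Prelude projects; it parses lines in Snort's `alert_fast` output format and aggregates them by signature, source and priority so that scan noise is separated from the few alerts worth a look. The alert lines are constructed for the example and use documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample alerts in Snort's alert_fast format (not real traffic).
SAMPLE_ALERTS = """\
10/11-09:26:15.100000  [**] [1:2000001:1] CONSTRUCTED portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43512 -> 198.51.100.5:22
10/11-09:26:15.200000  [**] [1:2000001:1] CONSTRUCTED portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43513 -> 198.51.100.5:23
10/11-09:26:15.300000  [**] [1:2000001:1] CONSTRUCTED portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43514 -> 198.51.100.5:80
10/11-09:26:15.400000  [**] [1:2000001:1] CONSTRUCTED portscan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:43515 -> 198.51.100.5:443
10/11-09:27:02.000000  [**] [1:2000002:1] CONSTRUCTED ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.20 -> 198.51.100.5
10/11-09:31:40.000000  [**] [1:2000003:1] CONSTRUCTED suspicious SMB request [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.30:50123 -> 198.51.100.9:445
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, and src -> dst (ports only for TCP/UDP).
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["prio"] = int(alert["prio"])
    return alert

def summarize(text):
    """Aggregate alerts so bulk scan noise and rare high-priority hits stand out."""
    alerts = [a for a in (parse_alert(l) for l in text.splitlines()) if a]
    return {
        "total": len(alerts),
        "by_sig": Counter(a["msg"] for a in alerts),      # which rules fire most
        "by_src": Counter(a["src"] for a in alerts),      # noisiest sources (scanners)
        "high_priority": [a for a in alerts if a["prio"] == 1],  # the short list to triage
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_ALERTS)
    print(s["total"], "alerts;", s["by_src"].most_common(1), "is the noisiest source")
    for a in s["high_priority"]:
        print("priority 1:", a["msg"], a["src"], "->", a["dst"])
```

Pointing `summarize` at a real `alert` file shows the same pattern the reply describes: most of the volume is one or two scan signatures from a handful of sources, and the priority-1 list is what a person should actually read.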