
 

Virus.Org Mailing List Archive




Re: [Dshield] [OT] Naughty File Detector

  • To: [EMAIL PROTECTED]
  • Subject: Re: [Dshield] [OT] Naughty File Detector
  • From: "DAN MORRILL" <[EMAIL PROTECTED]>
  • Date: Thu, 02 Oct 2003 12:31:02 +0000
  • Old-x-envelope-to: [EMAIL PROTECTED]
  • Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
 
Good Morning,

There are lots of programs that will inventory software on a box (SMS, some patch management software), but if you really want to go after P2P, there are a number of things you can look for.

Lots of ICMP traffic, huge overhead.

Port 0 traffic (SetUID 0 or otherwise): I have noticed that Shareaza (which I do use) will get me port 0 traffic because of the port hopping. Probably something unbound in their port designation. You can also tab on the standard P2P ports to get a tip-off; if they are just being turned on, then they usually default to their standard port. There is a random port setting in some P2P applications to get around firewalls, but it is buried in the configuration and the user may or may not enable that function.

Another thing to do, especially fun on a Windows network: just do a search for MP3, MPG on the network. Most XP/W2K/W2K3 allow for network-wide searching via script for those kinds of files. But I would recommend this only after hours.

Hope that helps,
Cheers/r/Dan Morrill




From: Carl Inglis <[EMAIL PROTECTED]>
Reply-To: General DShield Discussion List <[EMAIL PROTECTED]>
To: General DShield Discussion List <[EMAIL PROTECTED]>
Subject: [Dshield] [OT] Naughty File Detector
Date: Thu,  2 Oct 2003 12:44:20 +0100

I'm going to be starting a new job in the near future, and one of the
things which I'm going to be responsible for is the security policy. I
want to ban P2P programs, but from what I understand of the protocols they
are capable of port-hopping, and can even land on port 80.

I'm looking for a program which I can use to scan remote hard drives
looking for the executables. Perhaps using an MD5 checksum to identify the
files? (Since people can change the file names).

I've found Browse Control from CodeWork, and that looks quite interesting,
but I'd appreciate the thoughts of others.

Thanks,

Carl
--


_______________________________________________
list mailing list
[EMAIL PROTECTED]
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
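
The checksum approach raised in the original question (identify executables by MD5 rather than by file name), as an added example that is not part of the thread or any tool mentioned in it. The "banned" binary, its label and the directory layout are constructed for the demo; the digest is computed from that constructed sample rather than taken from any real program.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root, banned, algo="md5"):
    """Walk root and return (path, label) for every file whose digest is banned.

    banned maps hex digest -> label. Unreadable files are skipped, not fatal.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = file_digest(path, algo)
            except OSError:
                continue  # locked or permission-denied file
            if digest in banned:
                hits.append((path, banned[digest]))
    return sorted(hits)

def demo():
    """Constructed data: a stand-in banned binary stored under another name."""
    sample = b"MZ constructed stand-in for a banned P2P client"
    banned = {hashlib.md5(sample).hexdigest(): "example-p2p-client"}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "user", "docs"))
        with open(os.path.join(root, "user", "docs", "report.exe"), "wb") as fh:
            fh.write(sample)            # renamed copy: digest still matches
        with open(os.path.join(root, "user", "patched.exe"), "wb") as fh:
            fh.write(sample + b"\x00")  # content differs by one byte: no match
        hits = scan_tree(root, banned)
        return [(os.path.relpath(p, root), label) for p, label in hits]

if __name__ == "__main__":
    for path, label in demo():
        print(f"{label}: {path}")
```

The second file in the demo shows the limit of exact-hash matching: the list only catches byte-identical copies, so it needs one entry per client version and works best alongside the network indicators described in the reply.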

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.