Security Basics mailing list archives
Re: Best way to look for Worms/Malware
From: Henri Salo <henri () nerv fi>
Date: Fri, 10 Sep 2010 21:42:24 +0300
On Mon, 8 Feb 2010 11:52:34 -0700 dhamm () cinci rr com wrote:

> While this might be a question for the IDS mailing list, I think it is a good Security Basics question too, as I am sure many of us getting into Security will have a similar question. I have a client that wants to get an idea whether or not there is anything roaming in the background on the network. He is running on an older non-managed switch network, and wants to know what would be a good way to set up some kind of detector, besides having patching and antivirus. So my question is, should he set up an IDS of some kind, preferably something that can be set up quickly, with the understanding that he wants to set up a more permanent IDS solution in the near future? Or should he do some sort of IDS/Honeypot combination?
>
> Any suggestions would be appreciated.
>
> Thanks,
> David Hamm

My suggestions: nmap, snort and nepenthes

http://nmap.org/
http://www.snort.org/
http://nepenthes.carnivore.it/

Best regards,
Henri Salo