Date: Tue, 20 Jul 2004 14:39:20 +1000
From: "Mark Picone" <wts666@iprimus.com.au>
To: <freebsd-isp@freebsd.org>
Subject: FW: Spyware & AD Ware
Message-ID: <40F5D5030019623C@> (added by postmaster@iprimus.com.au)

You can stop spy/adware on your firewall at the protocol level with snort (from the ports) if you are willing to write some custom rules or google for them. There are some great examples of this in a snort add-on, a collection of "bleeding edge" rules that can be found at http://www.bleedingsnort.com/bleeding.rules

They would look something like what is shown below, which is an actual rule used to stop Yesadvertising Banking Spyware.

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2; )

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of JJB
Sent: Tuesday, 20 July 2004 3:11 AM
To: spidey@act.co.za; freebsd-isp@freebsd.org
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems. These have no effect on unix based systems. www.download.com has the most popular free downloads for removing these.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp@freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware from entering my network through a FreeBSD FW or can I stop it on the Cisco?

Spidey

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
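
Added example, not part of the original message or of the Bleeding Snort rule set: a Python sketch that parses the two rules quoted above and applies their uricontent/nocase options to request URIs from a constructed "client method uri" log, to show what each rule keys on. The log format, the sample lines and the helper names (parse_rule, matches, scan) are assumptions, and unquote() is only a rough stand-in for Snort's URI normalization.

```python
import re
from urllib.parse import unquote

# The two rules quoted in the message, split only to fit the line width.
RULES = [
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising '
    'Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; '
    'reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)',
    'alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising '
    'Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; '
    'reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2; )',
]
# Constructed sample input (assumed format): "client method uri" per outbound request.
SAMPLE_LOG = ["10.0.0.21 GET /IMG1BIG.GIF", "10.0.0.21 POST /cgi-bin/Yes.PL",
              "10.0.0.34 GET /index.html", "10.0.0.40 GET /img1big%2Egif"]
# One option: keyword, then optionally ':' and a quoted or bare value, then ';'.
OPTION = re.compile(r'\s*(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(rule):
    """Extract action, msg, sid and the uricontent patterns of one rule."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    parsed = {"action": rule.split()[0], "msg": None, "sid": None, "uricontent": []}
    for key, value in OPTION.findall(body):
        value = value.strip().strip('"')
        if key == "uricontent":
            parsed["uricontent"].append([value, False])
        elif key == "nocase" and parsed["uricontent"]:
            parsed["uricontent"][-1][1] = True  # nocase modifies the preceding content
        elif key in ("msg", "sid"):
            parsed[key] = int(value) if key == "sid" else value
    return parsed

def matches(parsed, uri):
    """True when every uricontent pattern occurs in the decoded URI."""
    uri = unquote(uri)  # rough stand-in for Snort's URI normalization
    return bool(parsed["uricontent"]) and all(
        (p.lower() in uri.lower()) if n else (p in uri) for p, n in parsed["uricontent"])

def scan(log_lines, rules=RULES):
    """Return (client, sid, msg) for each log line that a rule matches."""
    parsed = [parse_rule(r) for r in rules]
    hits = []
    for line in log_lines:
        client, _method, uri = line.split()[:3]
        hits += [(client, p["sid"], p["msg"]) for p in parsed if matches(p, uri)]
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Both quoted rules use the `alert` action, which `parse_rule` returns in its `action` field; as written they report a match, and dropping the traffic takes Snort running inline with a `drop` action.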