From: "Mark Picone"
Date: Tue, 20 Jul 2004 14:39:20 +1000
Subject: FW: Spyware & AD Ware

You can stop spy/adware on your firewall at the protocol level with snort (from the ports) if you are willing to write some custom rules or google for them. There are some great examples of this in a snort add-on, a collection of "bleeding edge" rules, which can be found at http://www.bleedingsnort.com/bleeding.rules

They would look something like what is shown below, which is an actual rule used to stop Yesadvertising Banking Spyware.

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:2;)

alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:2; )

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of JJB
Sent: Tuesday, 20 July 2004 3:11 AM
To: spidey@act.co.za; freebsd-isp@freebsd.org
Subject: RE: Spyware & AD Ware

Spyware and AD Ware are ms/windows problems. These have no effect on unix based systems. www.download.com has the most popular free downloads for removing these.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Spidey Knepscheld
Sent: Monday, July 19, 2004 11:27 AM
To: freebsd-isp@freebsd.org
Subject: Spyware & AD Ware

Hi

How do I stop Spyware and AD Ware from entering my network through a FreeBSD FW, or can I stop it on the Cisco?

Spidey

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
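
Added example, not part of the original messages: a Python sketch of what the two rules quoted above test for (outbound HTTP from $HOME_NET whose URI contains the uricontent string, case-insensitively because of nocase), run over constructed requests. The HOME_NET and HTTP_PORTS values and the use of percent-decoding as a stand-in for Snort's URI normalisation are assumptions.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# The two rules from the message, with the reference option left out for brevity.
RULES = r'''
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; sid:2000336; rev:2;)
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; sid:2000337; rev:2; )
'''

HOME_NET = ip_network("192.168.0.0/16")   # assumed value for $HOME_NET
HTTP_PORTS = {80, 8080}                   # assumed value for $HTTP_PORTS

def _opt(opts, name):
    """Value of one `name:value;` rule option, with surrounding quotes stripped."""
    return re.search(name + r':\s*"?([^";]+)"?\s*;', opts).group(1)

def parse_rule(line):
    """Pull msg, uricontent, nocase and sid out of one rule's option list."""
    opts = line[line.index("(") + 1 : line.rindex(")")]
    return {"msg": _opt(opts, "msg"), "uri": _opt(opts, "uricontent"),
            "nocase": bool(re.search(r'\bnocase\s*;', opts)), "sid": int(_opt(opts, "sid"))}

def load_rules(text=RULES):
    return [parse_rule(l) for l in text.splitlines() if l.startswith("alert")]

def match(rules, src_ip, dst_port, uri):
    """Return the sids that fire for one HTTP request leaving the home network."""
    if ip_address(src_ip) not in HOME_NET or dst_port not in HTTP_PORTS:
        return []  # rule header ($HOME_NET any -> any $HTTP_PORTS) does not apply
    norm = unquote(uri)  # assumption: simple stand-in for Snort's URI normalisation
    hits = []
    for r in rules:
        hay, needle = (norm.lower(), r["uri"].lower()) if r["nocase"] else (norm, r["uri"])
        if needle in hay:
            hits.append(r["sid"])
    return hits

# Constructed sample requests: (source IP, destination port, request URI)
SAMPLES = [
    ("192.168.1.20", 80, "/img1big.gif"),
    ("192.168.1.20", 80, "/CGI-BIN/Yes.pl?id=1"),
    ("192.168.1.20", 80, "/cgi-bin/%79es.pl"),
    ("203.0.113.9", 80, "/img1big.gif"),
]

if __name__ == "__main__":
    for src, port, uri in SAMPLES:
        print(src, port, uri, "->", match(load_rules(), src, port, uri))
```

The last sample does not fire because its source address is outside the assumed $HOME_NET, which is the direction check in the rule header.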