From owner-freebsd-questions@FreeBSD.ORG Fri Nov 12 17:48:53 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 634F516A4CE for ; Fri, 12 Nov 2004 17:48:53 +0000 (GMT) Received: from imo-m18.mx.aol.com (imo-m18.mx.aol.com [64.12.138.208]) by mx1.FreeBSD.org (Postfix) with ESMTP id D406243D55 for ; Fri, 12 Nov 2004 17:48:52 +0000 (GMT) (envelope-from TM4526@aol.com) Received: from TM4526@aol.com by imo-m18.mx.aol.com (mail_out_v37_r3.8.) id b.ff.65de15a (14374); Fri, 12 Nov 2004 12:48:32 -0500 (EST) From: TM4526@aol.com Message-ID: Date: Fri, 12 Nov 2004 12:48:31 EST To: bsilver@chrononomicon.com MIME-Version: 1.0 X-Mailer: 9.0 for Windows sub 5114 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: questions@freebsd.org Subject: Re: Squid+Privoxy or Snort? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Nov 2004 17:48:53 -0000 In a message dated 11/12/04 9:38:59 AM Eastern Standard Time, bsilver@chrononomicon.com writes: > I'm trying to investigate some potential solutions to escape from > different microsoft specific malware (like gator's software). > The two mentioned in subject were found after some Google search. > Wonder what are you guys using for this sort of problems. > Thanks. >Squid can be used if you redirect all web traffic through the squid >proxy; we have used squid with SquidGuard to block access to some >gator-esque sites. If they get infected, they at least can't phone >home and we can see what IP's are trying to phone home so we can clean >them up if it's a problem. The issue with proxies is that they are a drag on your network; using squid as a firewall only isnt very smart. If you are already using it fine. But on a large network you are better off using a firewall or some sort of bandwidth management like the stuff on etinc.com.