djgoku wrote:
Today at work we are having problems with "Viruses/spyware/stuff" and I am wondering what I could set up in Linux to, say, passively/actively scan a network for viruses/spyware/stuff. And stuff that looks for viruses/spyware/stuff trying to connect to ports it shouldn't be. A packet sniffer would probably be one thing, but I don't know enough about tcp/ip/udp/stuff to work it and understand what it is showing me. I guess I might have to start reading up on packet sniffing. So tools I think might be good: Ethereal, Snort, nmap.
Just look at what IPCop has included. They monitor for intrusion with Snort, NAT all connections to prevent direct machine connection unless the PC internal to the LAN initiated it, open/port forward only the ports you specifically open.
Since you mention viruses and spyware, you must be using Windows. If you have a Linux mailserver, add ClamAV or Amavis or some commercial product, several anti-virus companies now support Linux on the Mail/File server. On the Windows PC you should have some virus scanning product. You could occasionally scan with AdAware by Lavasoft AND also use Spybot Seek & Destroy. If you want active/constant scanning like antivirus software does, you have to pay for the Pro version. If you have a big problem it may be worth it. You may also want a local firewall like Zone Alarm. If you are using XP, you could at the very least activate the on-board personal firewall.
To sniff traffic on the LAN you could also use Nessus on a Linux box. It is semi-complicated. You have to put your NIC in promiscuous mode so it listens to and logs all traffic. You need at least 256 MB RAM and a decent size disk to capture all the logs and packets. Look at some of the tools available on Phlak, Knoppix-STD and INSERT Linux.
Start with the client PCs though and get them all clean first. You may just need to lock down regular users so they can't install software, turn off DirectX and other stuff in the browser, get them Firefox and remove their desktop icon for IE. This is how it starts.
----------------------------------------------
Somewhere there is a village missing an idiot.
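The check the original poster asked for, machines on the LAN calling out to ports they have no business using, can be done over flow records once a sniffer on a promiscuous-mode NIC is producing them. The script below is an added example, not code from either poster; the LAN range, the allowed-port policy and the flow records are all constructed.

```python
"""Flag LAN hosts that initiate connections to ports outside an allow-list.
Added example (not from the thread); flow records below are constructed.
A real run would feed it flows from a sniffer on a promiscuous-mode NIC."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")        # assumed internal range
ALLOWED_PORTS = {25, 53, 80, 110, 443}    # assumed policy for desktops

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol).
FLOWS = [
    ("192.168.1.10", "10.0.0.5", 80, "tcp"),
    ("192.168.1.10", "10.0.0.5", 443, "tcp"),
    ("192.168.1.23", "203.0.113.7", 6667, "tcp"),   # odd outbound port
    ("192.168.1.23", "203.0.113.9", 6667, "tcp"),
    ("192.168.1.23", "203.0.113.11", 1337, "tcp"),
    ("192.168.1.44", "192.168.1.1", 53, "udp"),      # internal DNS, ignored
    ("203.0.113.7", "192.168.1.23", 1234, "tcp"),    # inbound, ignored
    ("bad-record", "192.168.1.23", "x", "tcp"),      # malformed, skipped
]

def parse_flow(rec):
    """Return (src, dst, port, proto) with parsed IPs, or None if malformed."""
    try:
        src, dst, port, proto = rec
        return ip_address(src), ip_address(dst), int(port), proto.lower()
    except (ValueError, TypeError):
        return None

def find_policy_violations(flows, lan=LAN, allowed=ALLOWED_PORTS):
    """Map each LAN source to its outbound connections on non-allowed ports.
    Inbound and LAN-internal traffic is ignored: NAT already drops unsolicited
    inbound, and the thread's question is about machines calling out."""
    hits = defaultdict(set)
    for rec in flows:
        parsed = parse_flow(rec)
        if parsed is None:
            continue
        src, dst, port, proto = parsed
        if src not in lan or dst in lan:
            continue
        if port not in allowed:
            hits[str(src)].add((str(dst), port, proto))
    return {host: sorted(conns) for host, conns in hits.items()}

if __name__ == "__main__":
    for host, conns in find_policy_violations(FLOWS).items():
        print(host, "->", conns)
```

A host that shows up here repeatedly, to several destinations on the same odd port, is the one to pull off the network and clean first.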