List: ipfilter
Subject: Re: Treating the "New Trojan Sending Data To Russia" Problem
From: Chris Wasser <cwasser () v-wave ! com>
Date: 2000-07-30 4:22:53
On Sat, Jul 29, 2000 at 05:08:33PM -0500, James Moore wrote:
> In a SANS News Flash dtd July 28, 2000, they advised blocking all traffic
> to or from 194.87.6.X (see an excerpt from the SANS Flash below for
> details). I have added the following rules to my ipf.rules file -
> analysis and comments are welcome:

It's not a trojan. It's a monitoring software such as those employed by paid-to-surf programs. It's client tracking, nothing more. You'll notice that this "suspected trojan" is using port 8080 and the sniffed traffic is client->webserver communications (from the full SANS report).

Generally, sites should use a default policy of deny-all anyways and open up only those services which are required. Unfortunately, Conseal PC Firewall is hardly what I'd call superior packet filtering software and these SANS guys seem rather obtuse (some of their earlier reports).

Take it as you will.