Re: How to tell if a firewall alert is suspicious or not
From: Volker Birk (bumens_at_dingens.org)
Date: 09/16/05
- Next message: Volker Birk: "Re: Connection Issue"
- Previous message: Duane Arnold: "Re: How to tell if a firewall alert is suspicious or not"
- In reply to: Art: "Re: How to tell if a firewall alert is suspicious or not"
- Next in thread: Somebody.: "Re: How to tell if a firewall alert is suspicious or not"
- Reply: Somebody.: "Re: How to tell if a firewall alert is suspicious or not"
- Reply: Art: "Re: How to tell if a firewall alert is suspicious or not"
Date: 16 Sep 2005 17:06:09 +0200
Art <null@zilch.com> wrote:
> Volker, what do you recommend for finding malicious outbound? Is there
> some freeware packet logging sw that can be set to be smart enough to
> alert users? Payware? If so, what would something like that cost?
Unfortunately, it is not possible to reliably detect hidden outgoing
information without dropping connectivity. This is because of the existence
of tunneling.
Even what professional IDSes are doing is lacking reliability.
Therefore, I don't recommend trying to find "malicious outbound" at all;
instead of this, I'm recommending preventing malware from running on your
PC.
I think this is a much better concept.
Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"