Re: How to tell if a firewall alert is suspicious or not
From: Volker Birk (bumens_at_dingens.org)
Date: 16 Sep 2005 17:06:09 +0200
Art <firstname.lastname@example.org> wrote:
> Volker, what do you recommend for finding malicious outbound? Is there
> some freeware packet logging sw that can be set to be smart enough to
> alert users? Payware? If so, what would something like that cost?
Unfortunately, it is not possible to reliably detect hidden outgoing
information without dropping connectivity. This is because of the existence
Even what professional IDSes are doing is lacking reliability.
Therefore, I don't recommend trying to find "malicious outbound" at all;
instead of this, I'm recommending preventing malware from running on your
I think this is a much better concept.
-- "It cannot be that the frustrated people in Rome decide what happens in German bedrooms". Harald Schmidt on "World Youth Day"