Re: Security reasons to block hotbar.com ?

From: msnews (ef_hutton@hotmail.com)
Date: 12/11/02


From: "msnews" <ef_hutton@hotmail.com>
Date: Wed, 11 Dec 2002 14:41:39 -0600

Get a product like Packet Hound that sniffs all network traffic and can drop
any type based on rules. I don't care how much Kazaa, AIM or others like to
port jump, it will kill them dead.

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:#eWaLQVoCHA.672@TK2MSFTNGP08...
> I do find that blocking threats per IP address or name is a last resort,
> only if you cannot block a certain port because it is a necessary port.
>
> A good example is chat like AOL AIM. You first want to block the default
> AIM ports, but AIM can use other common ports like TCP 80. You can't close
> TCP 80 entirely, because that will block normal web browsing. So, in this
> special case, you can block all ports entirely for traffic going to the AIM
> logon servers and/or logon names. This however is the exception to the
> rule, which is usually to block ports first.
>
> You do want to consider configuring your firewall and proxy to block all
> ports both incoming and outgoing except for those that are specifically
> allowed. If you're not sure how to do this, start by taking a chunk of your
> firewall logs for a week or so to see which ports are being used. Block all
> ports except for those, and then research those ports one by one to confirm
> that you really want to be permitting them as well.
>
>
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:#ga5qbUoCHA.2408@TK2MSFTNGP11...
> > Sorry for the poor explanation.
> > This is my problem: if I find out that a certainsite.com delivers spyware
> > content, what would be the best way to block spyware?
> > I guess the answer would be setting up one of the tools you informed below.
> > A co-worker suggested to block settings on our company proxy or firewall,
> > but I guess I couldn't handle doing that for every damn spyware site!
> > So yes, installing a tool on the client machine would make more sense.
> > Thanks x y!
> >
> >
> >
> >
> > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> > news:uMn4T4ToCHA.2412@TK2MSFTNGP09...
> > >
> > > "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> > > news:O6aZphToCHA.1596@TK2MSFTNGP11...
> > > > Can you analyze any spyware or security reasons behind hotbar.com ?
> > >
> > > I don't understand your question, but try finding the answer yourself by
> > > searching www.google.com and/or www.google.com/advanced_group_search
> > >
> > > Adware and related malware can be blocked using some or all of the
> > > following:
> > > http://securityadmin.info/faq.htm#adware
> > > http://securityadmin.info/faq.htm#firewall
> > > http://securityadmin.info/faq.htm#antivirus
> > > http://securityadmin.info/faq.htm#antitrojan
> > > http://securityadmin.info/faq.htm#harden
> > >
> > >
> > >
> >
> >
>
>
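
Added example, not part of the original thread: a sketch of the log review step described in the quoted reply (sample a week of firewall logs, see which ports are in use, then research each before allowing it). The log layout, the `10.` internal prefix, the sample records and the function name `outbound_port_usage` are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in a W3C-style layout (assumed format; map the
# field names below to whatever your firewall or proxy actually logs).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2002-12-09 09:01:12 ALLOW TCP 10.0.0.21 192.0.2.10 1045 80
2002-12-09 09:01:15 ALLOW TCP 10.0.0.22 192.0.2.10 1101 80
2002-12-09 09:02:40 ALLOW UDP 10.0.0.21 192.0.2.53 1046 53
2002-12-09 09:03:02 ALLOW TCP 10.0.0.23 198.51.100.7 1200 5190
2002-12-09 09:03:30 DROP TCP 203.0.113.9 10.0.0.21 4000 135
2002-12-09 09:04:00 ALLOW TCP 10.0.0.21 10.0.0.5 1047 445
2002-12-09 09:04:10 ALLOW TCP 10.0.0.22 192.0.2.10 1102 80
truncated line
"""

def outbound_port_usage(log_text, internal_prefix="10."):
    """Return [(protocol, dst_port, flows, [internal hosts])], busiest first.

    Only allowed flows from an internal source to an external destination
    are counted; internal_prefix is a simplification for this example.
    """
    fields, flows, hosts = [], Counter(), defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for later records
            continue
        parts = line.split()
        if not fields or line.startswith("#") or len(parts) < len(fields):
            continue                       # comment, blank or malformed line
        rec = dict(zip(fields, parts))
        outbound = (rec["src-ip"].startswith(internal_prefix)
                    and not rec["dst-ip"].startswith(internal_prefix))
        if rec["action"] != "ALLOW" or not outbound or not rec["dst-port"].isdigit():
            continue
        key = (rec["protocol"].upper(), int(rec["dst-port"]))
        flows[key] += 1
        hosts[key].add(rec["src-ip"])
    ranked = sorted(flows, key=lambda k: (-flows[k], k))
    return [(p, port, flows[(p, port)], sorted(hosts[(p, port)])) for p, port in ranked]

if __name__ == "__main__":
    for proto, port, count, srcs in outbound_port_usage(SAMPLE_LOG):
        print(f"{proto:4}{port:>6}  flows={count:<3} hosts={', '.join(srcs)}")
```

Each row is a port to research before it goes on the allow list; the host list shows who to ask about ports that only one or two machines use.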


