Feature Requests item #1441451, was opened at 2006-03-02 05:01
Message generated for change (Comment added) made by peter-endian
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=725142&aid=1441451&group_id=132104
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
Priority: 5
Private: No
Submitted By: Dayne Lucas (dayne)
>Assigned to: Peter Warasin (peter-endian)
Summary: Spyware blocking
Initial Comment:
Ok, I know that this might be a little late for Endian
Firewall 2. However, this would really be nice to have
as a selling point for Endian Firewall, and it is
really easy to implement with a cron job. I found this
prodding around the Smoothwall forums:
A potential solution for antispyware gateway is Black
Hole DNS. We all have had problems with machines being
overrun by malware: taking 20 minutes to start up,
constant popups, hijacking of the home and search
pages, bookmarks being added, etc. Malware can even
turn a machine into a "zombie", and be an unwilling
participant in spam sending/relaying, address
harvesting, or DDOS attacks against other computers.
One of the more popular techniques for fighting malware
among home users is through the use of a host file for
DNS redirection. A host can be used to map hostnames
associated with malware to a different IP address (such
as a loopback address, 127.0.0.1). This will prevent
connections to those malicious sites from ever taking
place. (There is an irony here, as some of the more
"evil" malware hijacks your host file to prevent their
removal or to redirect search queries).
Well with Endian we have DNSMasq. With the attached
script file from Kurt Kincaid from Smoothwall, we can
load the Black Hole DNS zones into the dnsmasq config
file. The script (with a cron job) automatically
downloads the latest spywaredomains.zone file from
Spyware Listening Post (www.bleedingsnort.com).
I know the outgoing firewall blocks most of the malware
ports, however some malware uses standard HTTP ports,
and clamav does not have many signatures to block
spyware. This would definitely block spyware,
keyloggers and other malware from talking back to the
spyware servers on the net.
Best regards,
Dayne
----------------------------------------------------------------------
>Comment By: Peter Warasin (peter-endian)
Date: 2007-02-16 10:26
Message:
Logged In: YES
user_id=1159983
Originator: NO
feature has been implemented
----------------------------------------------------------------------
Comment By: squeege (squeege)
Date: 2006-10-18 16:54
Message:
Logged In: YES
user_id=1029698
Starting with version 0.99 - CLAMAV will support spyware
malware scanning; so it's just a question of updating to
that version...
----------------------------------------------------------------------
Comment By: Dayne Lucas (dayne)
Date: 2006-03-02 05:25
Message:
Logged In: YES
user_id=1391124
Ok, found a modification of the script. So I updated it. It
adds an ignore file so you can whitelist certain domains
from spyware blocking.
Best regards,
Dayne
----------------------------------------------------------------------
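Added example (not part of the tracker thread and not Kurt Kincaid's script): one way to turn a downloaded zone list into dnsmasq address= lines while honouring an ignore file, as the initial comment and the follow-up comment describe. The feed format (BIND zone statements), the ignore-file format (one domain per line, '#' comments) and all function names are assumptions.

```python
import re

# Assumption: the feed is a list of BIND zone statements, one per line.
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)
LABEL = r'[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
HOST_RE = re.compile(r'%s(?:\.%s)+' % (LABEL, LABEL))

def load_ignore(text):
    """Whitelist file: one domain per line, '#' starts a comment."""
    names = (ln.split('#', 1)[0].strip().lower().rstrip('.')
             for ln in text.splitlines())
    return {n for n in names if n}

def covers(parent, child):
    """True if child is parent itself or a subdomain of it."""
    return child == parent or child.endswith('.' + parent)

def build_blocklist(zone_text, ignore_text, sink='127.0.0.1'):
    """Return (dnsmasq config lines, skipped feed entries with reason)."""
    ignore = load_ignore(ignore_text)
    blocked, skipped = set(), []
    for line in zone_text.splitlines():
        m = ZONE_RE.match(line)
        if not m:
            continue
        d = m.group(1).lower().rstrip('.')
        if len(d) > 253 or not HOST_RE.fullmatch(d):
            # Only plain hostnames pass, so a corrupted feed line cannot
            # smuggle extra fields into the generated directive.
            skipped.append((d, 'invalid'))
        elif any(covers(w, d) or covers(d, w) for w in ignore):
            # address=/d/ also matches every subdomain of d: drop entries
            # under a whitelisted name and parents of a whitelisted name.
            skipped.append((d, 'whitelisted'))
        else:
            blocked.add(d)
    return ['address=/%s/%s' % (d, sink) for d in sorted(blocked)], skipped

# Constructed sample data (placeholder domains, not real feed contents).
SAMPLE_ZONE = '''// spyware zone list (constructed)
zone "tracker.example.net" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "ADS.Example.org" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "example.com" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "cdn.partner.example" {type master; file "/etc/namedb/blockeddomain.hosts";};
zone "a.example/b.example" {type master; file "/etc/namedb/blockeddomain.hosts";};
'''
SAMPLE_IGNORE = '''# whitelist (constructed)
partner.example   # business partner
www.example.com
'''
```

The returned lines would be written to a file that dnsmasq reads, followed by a dnsmasq restart; the skipped list is worth logging so whitelist hits and malformed feed entries stay visible.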