postdiction Posted January 27, 2009
Hi, I am new to the forums but not the show. I have a strong CS background but little to no knowledge of network security. I have a spare Pentium 3 box which I could add 2 NICs to and use as a network monitor. I don't want to use this box as a firewall (i.e. Smoothwall); rather, I want to use it as a system to monitor incoming and outgoing traffic for viruses, spyware etc. I have people over at my place often, friends and family. Invariably, when I let people on my network, my XP box gets infected with something or other. Now I usually just wipe it clean and rebuild it; however, I get worried sometimes because I like to do online banking and bill paying. Thus, I want a system that can alert me once something malicious has gotten on my network. I believe this box would sit between my cable modem and wireless router, monitoring for spyware, rootkits etc. I am not sure, but would that be considered intrusion detection? I can usually spot spyware because I have a good idea of what is running on my system; however, what really scares me is rootkits. So does anybody have suggestions as to where I should look? Thanks in advance.
H@L0_F00 Posted January 27, 2009
I don't see how this would help, or if it's even practical. Why not just use a good AV and firewall?
Sparda Posted January 27, 2009
What you would need to do is set up a proxy (transparent or otherwise) which downloads the files on behalf of the client and scans them for viruses.
Difficulty 1: The choice of virus scanner isn't exactly easy. ClamWin might be OK, but it's pretty behind on the definitions.
Difficulty 2: This won't actually fix the problem you are looking at. The problem seems to be that when people come to your house and connect to your network, their computers infect yours. So the viruses (or whatever) aren't coming in through the internet; they are walking in the front door. The fix for this is to have two separate networks: one for 'untrusted' computers, and one for 'trusted'.
postdiction (Author) Posted January 27, 2009
Appreciate the responses, guys. I guess I am resigned to the fact that my XP system is going to get infected. I just want to know when my PC becomes infected without having to trust a virus scanner on the XP system itself. The reason I say that is because rootkits can be invisible even to the best spyware scanners. However, I was thinking that if I have an independent box monitoring my network/XP box, then I can trust the results a little more. Thanks.
DingleBerries Posted January 27, 2009
A. Use Linux.
B. Use a guest account with SteadyState.
C. Find out what they are doing on YOUR internet.
D. Don't let them use YOUR computer.
E. Before they come over, block ports used for P2P and torrents.
F. Use a program to monitor changes that have occurred in the registry or the System32 folder: hash the folder and compare regularly.
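Item F above is a file-integrity baseline. The script below is an added example, not code from the thread or from any of the tools named in it: it hashes every file under a directory with SHA-256, stores the result as a JSON baseline on first run, and on later runs reports files that were added, removed or modified. The directory and baseline paths are placeholders; on the XP box you would point it at C:\Windows\System32 and keep baseline.json somewhere the monitored machine cannot write to (a USB stick, or the monitoring box). One caveat that matters for the rootkit worry: a kernel rootkit on the monitored box can hide files from any scan run on that same box, so the comparison is only as trustworthy as the OS it runs under; running it from a boot CD, or mounting the disk on the separate monitoring box, avoids that.

```python
"""Baseline-and-compare integrity check for a directory tree (added example)."""
import hashlib
import json
import os
from typing import Dict, List


def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of one file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> Dict[str, str]:
    """Map of relative path -> SHA-256 for every regular file under root."""
    result: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip sockets, broken symlinks, etc.
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                result[rel] = hash_file(full)
            except OSError:
                # A locked or permission-denied file is recorded, not silently skipped,
                # so it shows up as "modified" if it later becomes readable.
                result[rel] = "UNREADABLE"
    return result


def save_baseline(snap: Dict[str, str], path: str) -> None:
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path) as f:
        return json.load(f)


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Return added, removed and modified relative paths, each sorted."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def check(root: str, baseline_path: str) -> Dict[str, List[str]]:
    """Compare the live tree against the stored baseline; create the baseline on first run.
    Keep baseline_path outside root, or the baseline file itself shows up as 'added'."""
    current = snapshot(root)
    if not os.path.exists(baseline_path):
        save_baseline(current, baseline_path)
        return {"added": [], "removed": [], "modified": []}
    return compare(load_baseline(baseline_path), current)


if __name__ == "__main__":
    import sys
    # Placeholder paths: e.g. python integrity.py "C:\Windows\System32" E:\baseline.json
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    baseline_path = sys.argv[2] if len(sys.argv) > 2 else "baseline.json"
    report = check(root, baseline_path)
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind.upper():8} {p}")
```

Run it once to take the baseline while the machine is known-clean (right after a rebuild), then again after guests have been on the network; anything under "added" or "modified" in System32 that you did not install yourself is worth a closer look.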
VaKo Posted January 27, 2009
http://www.snort.org/
What is Snort? SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
FFS people, this should have been post 1.
H@L0_F00 Posted January 27, 2009
> http://www.snort.org/ FFS people, this should have been post 1.
This will not protect against incoming viruses though... will it? "Intrusion prevention and detection" means protecting from another computer trying to remotely access the user's computer, right? This might help against trojans and such, but not against system-destroying viruses...
postdiction (Author) Posted January 27, 2009
> This will not protect against incoming viruses though... will it? "Intrusion prevention and detection" means protecting from another computer trying to remotely access the user's computer, right? This might help against trojans and such, but not against system-destroying viruses...
Actually, Snort does seem like what I want. I have just downloaded it and am starting to read about it, but it looks promising. I am not so worried about my system being destroyed, as it is easy enough to re-image it. What I am concerned about is monitoring my network so I can be alerted when things go bad and I haven't detected the problem myself. Thank you for pointing me in this direction.
VaKo Posted January 27, 2009
> This will not protect against incoming viruses though... will it? "Intrusion prevention and detection" means protecting from another computer trying to remotely access the user's computer, right? This might help against trojans and such, but not against system-destroying viruses...
Intrusion prevention systems are not the same as intrusion detection systems.
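On the "alert me when things go bad" requirement from the Snort discussion above: Snort in IDS mode does the matching, and what the monitoring box gets from it is a stream of one-line alerts. The script below is an added example, not from the thread or from the Snort project: it parses lines in Snort's alert_fast output format and rolls them up per LAN host, so that one look tells you which machine behind the router tripped rules and how severe they were. The sample lines are constructed for this example (rule SIDs 1000001-1000003, the messages and the addresses are illustrative, not real signatures), and HOME_NET is assumed to be 192.168.1.0/24.

```python
"""Summarise Snort alert_fast lines per LAN host (added example)."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Assumption: the OP's LAN. Set this to whatever HOME_NET is in snort.conf.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")

# One alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: n] {PROTO} src[:port] -> dst[:port]. Classification and Priority are
# optional; ICMP alerts carry no ports. IPv4 only, to keep the pattern readable.
IPV4 = r"\d+\.\d+\.\d+\.\d+"
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>" + IPV4 + r")(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>" + IPV4 + r")(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts, modelled on alert_fast output; not real Snort signatures.
SAMPLE = [
    "01/27-21:04:11.553122  [**] [1:1000001:1] LOCAL IRC outbound connection [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} "
    "192.168.1.23:1034 -> 203.0.113.7:6667",
    "01/27-21:04:15.002391  [**] [1:1000002:1] LOCAL ICMP ping sweep [**] "
    "[Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.1",
    "01/27-21:05:40.771004  [**] [1:1000003:2] LOCAL HTTP download of executable [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "198.51.100.9:80 -> 192.168.1.23:2451",
    "this line is not an alert",
]


def parse_alert(line: str) -> Optional[dict]:
    """Parse one alert_fast line; return None for anything that is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["priority"] = int(a["prio"]) if a["prio"] else None
    return a


def local_host(alert: dict) -> Optional[str]:
    """The LAN-side address of the alert, whichever direction the traffic went."""
    for key in ("src", "dst"):
        if ipaddress.ip_address(alert[key]) in HOME_NET:
            return alert[key]
    return None


def summarise(lines: List[str], max_priority: int = 2) -> Dict[str, List[str]]:
    """Group alert messages by LAN host, keeping priority <= max_priority
    (Snort priority 1 is the most severe). Unparseable lines and alerts that do
    not involve a HOME_NET address are dropped."""
    per_host: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        if a["priority"] is not None and a["priority"] > max_priority:
            continue
        host = local_host(a)
        if host is None:
            continue
        per_host[host].append(
            f'{a["msg"]} [{a["proto"]} {a["src"]}:{a["sport"] or "-"}'
            f' -> {a["dst"]}:{a["dport"] or "-"}]'
        )
    return dict(per_host)


if __name__ == "__main__":
    # In real use read /var/log/snort/alert (or wherever alert_fast writes) instead of SAMPLE.
    for host, alerts in summarise(SAMPLE).items():
        print(f"{host}: {len(alerts)} alert(s)")
        for text in alerts:
            print("   ", text)
```

Pointing this at the live alert file (Snort writes alert_fast lines when started with "-A fast") and mailing the summary to yourself is the alerting loop the OP asked for; the priority filter keeps low-severity noise such as ping sweeps out of the mail while keeping trojan-class hits in.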
Deathdefyer2002 Posted January 28, 2009
This is actually pretty easy to do. Install IPCop, then install the Copfilter plugin. Should be exactly what you are looking for.