Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Firewalls to Block Spyware?

Posted by Cliff on from the active-network-counterintelligence dept.

MartinMotor asks: "I'm a Network Administrator for a company with approximately 200 users, and we just installed a shiny new PIX. Being the resourceful network geek type, I immediately started adding deny statements to kill off access to places where people can download evil cursed programs like HOTBAR. Is there anywhere out there where people like me are maintaining a list of IPs for spammers, spyware progs, and pop-uppers to add to our firewalls? I can't be the first person to have this idea."

5 of 72 comments (clear)

  1. spybot search and destroy by joFFeman · · Score: 5, Informative

    comes with a HOSTS.TXT that you can extract the data from.

    http://security.kolla.de/

    --
    "Life is great; without it, you'd be dead." -Harmony Korine
  2. Firewall policy by Krandor3 · · Score: 5, Informative

    A firewall should be configured to deny everything and only allow through what is needed. Only open ports that you need to open. Stuff like pop-ups that run on port 80 (which you need to open for at least your squid proxy) are a different matter As for blocking pop-ups and stuff like that, those are best done on the proxy server. On my proxy, I block all ad related sites (doubleclick, etc) and it is real easy to do with squid. The downside is that on some sites (like cnn) you get java errors on some of their java code. Just tell the users to say "no" to the "do you want to execute more java code from this page" and it is fine. That is the configuration I use and it works fine.

  3. Maybe these? by Gryftir · · Score: 4, Informative

    Spy Sites
    As a side note, if you can't find a big enough list, you can always load the spyware on a test machine.

    Gryftir
    Death to all Fanatics!

    --
    http://www.santacruzbynight.com/index.shtml Santa Cruz By Night Vampire Larp
  4. Re:Time wasters... by muonzoo · · Score: 4, Informative
    In case you can't figure it out; it's funny.
    Welcome to Darwin!
    bash-2.05a$ host 66.35.250.150
    150.250.35.66.IN-ADDR.ARPA is a nickname for 150.0/24.250.35.66.IN-ADDR.ARPA
    150.0/24.250.35.6 6.IN-ADDR.ARPA domain name pointer slashdot.org
  5. hosts file works well by infonography · · Score: 4, Informative

    Here is a copy of mine in Text format.

    --
    Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23