Anti-Spyware Tool Kit
Yesterday's diary entry solicited a number of replies regarding the "tool kits" people use for fighting spyware, malware and viruses. I've collated the most popular, from both e-mail submissions and some from the Handlers themselves. This list is not necessarily complete in any way; it is just a starter to help people build their own kit.

Tools:

Spybot - Search & Destroy: http://security.kolla.de/ or http://www.safer-networking.org
Ad-Aware: http://www.lavasoftusa.com/software/adaware/
SwatIt: http://www.swatit.org
TDS-3 - Trojan Defence Suite: http://tds.diamondcs.com.au/
TrojanHunter: http://www.misec.net/trojanhunter
TheCleaner: http://www.moosoft.com/
BHODemon: http://www.spychecker.com/download/download_bhodaemon.html
SpySweeper: http://www.webroot.com/
Process Explorer: http://www.sysinternals.com/
HijackThis: http://www.spywareinfo.com/~merijn/
AntiVir: http://www.free-av.com/
AVG: http://www.grisoft.com/us/us_index.php

Sites:

Rogue/Suspect Anti-Spyware Products & Web Sites: http://www.spywarewarrior.com/rogue_anti-spyware.htm
Broadband Reports (aka DSL Reports): http://www.dslreports.com/forum/security,1

Please note, some or all of these tools are NOT for the novice, and should be used with GREAT care. If you are not careful, you may damage parts of your operating system.

OSPF Filtering & Authentication

Yesterday, Cisco released an advisory regarding a vulnerability in their OSPF implementation that could result in a DoS of a router. The notice also provided links to updated software that should resolve the issue. However, there are a number of SOPs (standard operating procedures) that router admins should be following that will also help mitigate this situation. In the case of OSPF, the protocol should be filtered at your borders and, if possible, run only on "internal" interfaces, and authentication should be required.
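The three measures above as an IOS configuration sketch, with the permissive setup first for contrast. This is an added example, not taken from the diary or from Cisco's advisory; the interface names, addresses, process and ACL numbers, and the key string are all placeholder assumptions.

```cisco
! Constructed example. Interface names, addresses, process/ACL numbers
! and <shared-key> are placeholders, not values from the advisory.
!
! --- Weak: OSPF enabled on every interface, no authentication ---
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
! --- Hardened ---
! 1. Filter at the border: drop OSPF (IP protocol 89) arriving on the
!    upstream interface. The permit line stands in for the rest of
!    your existing border policy.
access-list 110 deny   ospf any any
access-list 110 permit ip any any
!
interface FastEthernet0/0
 description Border / upstream
 ip address 192.0.2.1 255.255.255.252
 ip access-group 110 in
!
! 2. Require authentication: MD5 key on each internal OSPF interface.
!    Neighbors must use the same key ID and key string.
interface FastEthernet0/1
 description Internal
 ip address 10.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 <shared-key>
!
! 3. Run OSPF only on internal interfaces: passive by default, then
!    enable it explicitly where adjacencies are expected.
router ospf 1
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.255 area 0
 area 0 authentication message-digest
```

After applying, "show ip ospf interface" should list only the internal interface as active with message-digest authentication enabled, and "show ip ospf neighbor" should still show the expected adjacencies.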
The following are links that should get you started:

Cisco Sample Configuration: http://www.cisco.com/warp/public/104/25.shtml
Another Sample Configuration: http://www.tech-recipes.com/cisco_router_tips408.html

Port 559 Scanning, Request for Packets

We have noted a marked increase in Port 559 scanning. This port may be related to the Domwis backdoor. Please submit any packet captures for this port to http://isc.sans.org/contact.php

More information here:

http://www.dshield.org/port_report.php?port=559&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html

----------------------------------------------------------------
Handler-on-Duty: Dave Brookshire <dsb AT rlx DOT com>
Dave, Aug 20th 2004