RE: [CentOS] antivirus sniffer/scanner for networks




> You need to span/mirror the traffic from your distribution
> switch(es) to an Ethernet card appropriate for the size of traffic you
> see: 0-100 Mbps, 100 Mbps Ethernet; 100-1000 Mbps, gigabit. And then run Snort
> with all of the plugins to look for malicious traffic. There aren't
> really network "virus" scanners so much as there are IDS detection
> programs which will detect the traffic signatures of the 'worm/malware'
> spreading software and alert you. Viruses are generally local host
> problems, but the 'spreading' of them you CAN detect.
>
> HTH.
>
> -Drew
>
>
> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> Behalf Of eric@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, October 10, 2006 11:39 AM
> To: centos@xxxxxxxxxx
> Subject: [CentOS] antivirus sniffer/scanner for networks
>
> Is anyone aware of a package that can detect viruses on the network &
> possibly alert when there are?
>
> Here is the scenario:  Our network is utilized by guest users all the
> time, sometimes into the thousands. We see guests from all over with a
> variety of OSs & hardware, over which we have no control or say in
> the matter.
>
> I am looking for something that I can run in promiscuous mode and/or on
> a span port that will sniff for viruses and then alert/log when it sees a
> virus. We can then track down the culprit's IP/MAC and shut off the
> switch port he/she is connected to and then visit with the guest to help
> them clean their machine.
>
> Given the nature of our network and our guests' needs, an inline
> solution is not an option. Although I recall that squid supports WCCP,
> I'm not sure that it would do what I am requesting. I also looked at
> snort+libclamav, but the info was inconclusive.
>
> We are a CentOS shop and I have a spare dual Xeon box that I can use for
> the task.
>
> Thanks,
>
> Eric
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

Thanks, I will pursue the snort path then....
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
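The thread's plan is a span port feeding Snort, with alerts used to find the host that is spreading a worm so its switch port can be shut. What Snort does not do by itself is tell you which source is worth a visit when thousands of guests produce a stream of alerts. The script below is an added example written for this page (it is not from the thread, Snort or CentOS): it parses alert lines in the shape of Snort's alert_fast output and ranks sources that fired high-priority alerts against several distinct hosts, which is the traffic pattern of a worm hunting for neighbours. The line format is assumed from typical Snort 2 alert_fast output, and the sample lines, IP addresses and signature IDs are constructed for illustration.

```python
"""Triage helper for Snort alert_fast lines (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Line shape assumed to match Snort's alert_fast output, e.g.
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# Classification is optional and ICMP alerts carry no ports, so both are optional here.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts: one guest host touching several neighbours on TCP/445
# plus an ICMP sweep, one host with a low-priority policy alert, and one junk line.
# Signature IDs and addresses are made up for this example.
SAMPLE_ALERTS = [
    "10/10-11:39:02.100001  [**] [1:2000001:3] WORM SMB propagation attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.20:1034 -> 192.0.2.51:445",
    "10/10-11:39:02.200002  [**] [1:2000001:3] WORM SMB propagation attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.20:1035 -> 192.0.2.52:445",
    "10/10-11:39:02.300003  [**] [1:2000001:3] WORM SMB propagation attempt [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.20:1036 -> 192.0.2.53:445",
    "10/10-11:39:03.400004  [**] [1:2000002:1] ICMP sweep [**] [Priority: 3] {ICMP} 192.0.2.20 -> 192.0.2.54",
    "10/10-11:39:05.500005  [**] [1:2000003:2] POLICY P2P client [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {TCP} 192.0.2.77:51000 -> 198.51.100.9:6881",
    "this line is not an alert and is skipped",
]


@dataclass
class Alert:
    ts: str
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that do not match the format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        ts=m["ts"], sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
        dport=int(m["dport"]) if m["dport"] else None,
    )


def summarize_by_source(lines: Iterable[str]) -> Dict[str, dict]:
    """Aggregate alerts per source IP: total count, distinct targets, distinct SIDs, best priority."""
    stats = defaultdict(lambda: {"alerts": 0, "targets": set(), "sids": set(), "max_priority": 99})
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # malformed or non-alert line: skip rather than crash the run
        s = stats[a.src]
        s["alerts"] += 1
        s["targets"].add(a.dst)
        s["sids"].add(a.sid)
        s["max_priority"] = min(s["max_priority"], a.priority)  # priority 1 is the most severe
    return dict(stats)


def suspects(lines: Iterable[str], min_targets: int = 3, max_priority: int = 2) -> List[str]:
    """Sources that fired priority <= max_priority alerts against at least min_targets distinct hosts."""
    hits = [
        src for src, s in summarize_by_source(lines).items()
        if len(s["targets"]) >= min_targets and s["max_priority"] <= max_priority
    ]
    return sorted(hits, key=lambda ip: tuple(int(o) for o in ip.split(".")))


if __name__ == "__main__":
    for src, s in summarize_by_source(SAMPLE_ALERTS).items():
        print(f"{src}: {s['alerts']} alerts, {len(s['targets'])} targets, best priority {s['max_priority']}")
    print("worth a visit:", suspects(SAMPLE_ALERTS))
```

Run it against a live `alert` file with `summarize_by_source(open("/var/log/snort/alert"))` once Snort is writing fast-format alerts; the thresholds are deliberately conservative so a single policy alert from a guest does not put them on the list, while a host sweeping its neighbours does. Mapping the surfaced IP to a MAC and switch port is still done at the switch, as the original poster intended.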
