Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Tools to help incident response

from [Ron Gula] Network Security [Permanent Link]
Subject: Re: Tools to help incident response
Date: Sat, 14 Oct 2006 08:53:36 -0400 
Hello, 

You might want to try the windows version of ClamAV. I haven't tried
it personally, but it may be a suitable alternative to stinger. 

There are many types of P2P. You can find evidence of them with most 
vulnerability scanners such as Nessus. Most NIDS also have rules to
look for P2P apps as well. If you have budget for a commercial solution, 
our Passive Vulnerability Scanner lets you find P2P software through
direct network sniffing. It also finds most server and client 
vulnerabilities, ports that are open or used to browse, NAT devices
and so on. The URL for it is here:

http://www.tenablesecurity.com/products/pvs.shtml

Ron Gula, CTO
Tenable Network Security
http://www.nessus.org
http://www.tenablesecurity.com
http://blog.tenablesecurity.com


At 09:30 PM 10/12/2006, Johnny Wong wrote:

Hello,

I am part of the incident response team in my organization. Part of our daily 
task is to respond the virus/worm incidents by remote scanning the suspected 
machines. We have been using Stinger.exe from McAfee to do this. The pros of 
using Stinger are (1) it's lightweight, (2) it's command-line executed hence I 
could use Psexec with it. However, Stinger.exe hasn't been updated since May 
06, and we have encountered situations where it failed to detect newer worm 
variants. Can anyone point me to other lightweight virus/worm scanners out 
there?

Secondly, we have been having problems with P2P software running in our 
networks. Time and again we have to use network logs to trace P2P-enabled 
machines and tell the owners of these machines to uninstall the offending 
software. Is there a scanning tool out there that can detect the presence of 
P2P software on a machine?

Thank you all,

J Wong
Singapore



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tools to help incident response, Mark Brunner
Next by Date:  Re: RE: [lists] New IPS testing methodology, robert . giberson
Previous by Thread:  RE: Tools to help incident response, Mark Brunner
Next by Thread:  RE: Tools to help incident response, Chris Brown
Indexes:  [Date] [Thread] [Top] [All Lists]