
Re: OT: Windoze spyware?



On Fri, 8 Jul 2005, Marty wrote:

> This is for readers who are unfortunate enough to have
> more Windows administration knowledge than I.  The sole
> Windoze XP box on my LAN is sending http requests to
> a site named movies.go.com, although there is no web
> client running on the XP box (at least none obvious).
> I am analyzing the LAN traffic and appreciate any
> ideas about where to go next.

If the traffic from the Winbox is passing through a Linux box then you can 
use transparent proxying to force all HTTP requests to the Linux box and 
run it through Squid.  You can then monitor the traffic to see what is 
happening and even block it.

> I've heard all the chilling spyware stories, but this is
> an eye opener for the sheer volume of data being passed
> 24/7 to or from this box.  But what data and to whom?

It is often a good idea to isolate any Winboxes in their own LAN and 
firewall them from the other boxes as much as possible (including the 
aforementioned transparent proxy and squid cache :).  Then the users of 
the non-Win boxes can be less worried about network sniffing, attacks, 
etc.

Rob

-- 
Robert Brockway B.Sc.		Phone:	+1-416-669-3073
Senior Technical Consultant	Email:	support@opentrend.net
OpenTrend Solutions Ltd.	Web:	www.opentrend.net
We are open 24x7x365 for technical support.  Call us in a crisis.
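
Added example, not part of the message above: once the XP box's HTTP traffic is passing through Squid as suggested, a short script over Squid's native access.log shows which hosts it talks to and how much comes back. The log lines and the addresses (192.168.1.50 standing in for the XP box) are constructed for illustration; only movies.go.com comes from the thread.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
# All addresses are made up; 192.168.1.50 stands in for the XP box.
SAMPLE_LOG = """\
1120838400.123    210 192.168.1.50 TCP_MISS/200 15320 GET http://movies.go.com/index.html - DIRECT/198.51.100.7 text/html
1120838401.456     95 192.168.1.50 TCP_MISS/200 48211 GET http://movies.go.com/img/a.gif - DIRECT/198.51.100.7 image/gif
1120838405.002    130 192.168.1.50 TCP_MISS/200 1200 POST http://example.net/report - DIRECT/203.0.113.9 text/plain
1120838409.700     40 192.168.1.20 TCP_HIT/200 5000 GET http://example.org/ - NONE/- text/html
truncated garbage line
"""


def summarize(log_text, client_ip):
    """Per-destination request count, reply bytes and methods for one client."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "methods": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] != client_ip:
            continue  # malformed line or a different LAN host
        try:
            size = int(fields[4])  # bytes Squid delivered to the client
        except ValueError:
            continue
        method, url = fields[5], fields[6]
        # CONNECT entries log "host:port" instead of a full URL
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
        if not host:
            continue
        entry = stats[host.lower()]
        entry["requests"] += 1
        entry["bytes"] += size
        entry["methods"].add(method)
    return dict(stats)


def top_talkers(stats):
    """Destinations sorted by bytes, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)


if __name__ == "__main__":
    for host, s in top_talkers(summarize(SAMPLE_LOG, "192.168.1.50")):
        print(f"{host:20} {s['requests']:4} req {s['bytes']:8} bytes {sorted(s['methods'])}")
```

The byte column in this log format is the size of the reply sent to the client, so it measures what the box pulls down; POST entries are the ones to inspect for data leaving it.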


