Russell L. Harris wrote:
> Yesterday I read another article bemoaning the large number of Window$
> machines which have been commandeered remotely and turned into
> spam-spewing zombies.
>
> If I understand the matter correctly, a firewall can protect only
> against incoming messages, and is useless against spyware which
> "phones home" or zombie-ware which spews email spam.
>
> So, before I preach about the dangers of spyware and zombies to my
> buddies using Window$, how can I be certain that my own Debian machine
> has not been compromised and has not become a zombie? Is there a
> simple test which I can run on a weekly basis?
>
> My LAN is protected by a machine running SmoothWall Express 2.0,
> acting as a firewall and router. Would an internal firewall package be
> useful in this environment?

As someone mentioned, Linux already has an internal firewall.

Depending on the state of your machine, once there is a root compromise,
there are only one or two sure-fire ways to see if you're a zombie.

1) Set up a brand new intermediate machine that captures all network
traffic from the machine you're questioning and see what it's doing.

2) If you have a hash of all the files (like tripwire provides) on some
media that was NOT compromised, you can check those.