-
September 9th, 2002, 01:45 AM
#11
Junior Member
I use Sysinternals TCPView (freeware) to monitor all TCP and UDP. It's great in that it uses very few resources, and will show connected or unconnected endpoints and resolved or unresolved addresses. Along with AnalogX's NetStat Live (freeware).
One of the better port lists I've come across.
And I'd highly recommend TDS-3 as a scanner.
I actually keep a zoo of all trojans I capture and can acquire, to test with, and haven't managed to infect myself yet (without disabling most of my security).
I'd also highly recommend a watcher for the watchers (all freeware):
either FileChecker or NIS FileCheck, as well as a registry protector like RegistryProt.
For browser security I'm currently experimenting with Naviscope, an internal proxy (also freeware).
Since I've listed so much of my security so far I might as well list the rest:
NOD32
ZoneAlarm with VisualZone Report Utility (both Freeware)
WormGuard
Spyblocker
AdAware (freeware)
LADS (List Alternate Data Streams, for NTFS) (freeware)
And one piece of advice: always install security software in nondefault directories.
-
September 9th, 2002, 02:58 PM
#12
Junior Member
I like everything but the Zoo.... Way to go..
A slice of "Controlled Paranoia" is worth its weight in prevention......Of course Stupidity and Faith is just fun!!!
-
September 9th, 2002, 07:00 PM
#13
Junior Member
My zoo is an isolated HDD and is very useful for testing, a habit I picked up from one of the moderators at Wilders Security Forums.
I assure you once captured they never make it to the wild again.
-
September 9th, 2002, 08:54 PM
#14
and how do you do it.. Ice Czar.
copy it to a floppy (from a *nix box) after download and then run it on your stand alone test windows box??
that's the only safe way I see...
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
September 10th, 2002, 12:06 AM
#15
Junior Member
Not exactly
They are acquired through downloads that fail scans (positive IDs), or directly from sites on occasion (i.e. SubSeven). My "real" OS rarely sees the internet; I spend most of my time in my "test" OS trying out programs and configs, which, if they prove useful and safe, migrate.
My System configuration goes like this
200GB RAID5, without any OS loaded (no system partition)
3x selectable ( Romtec Trio IDE Switcher one at a time is selectable) 40GB HDDs (IDE 0 Master)
2x manually switched 40GB HDDs (IDE 1 Master) or the 2GB ZOO
When I test the security of a fresh OS config or new denizen, I select the appropriate HDD and OS and hook up the ZOO, and try to import the file or exe. It's fun to see which program detects first, and which miss altogether. Since I've got Ghosts and ISO backups I've even gone as far as disabling security until the infection took, and then attempted repairs for practice, observing what they did (with a filechecker and comparative system root. Generally even when I think I'm successful I still wipe the drive and image back). But I haven't let any communication to the net take place (wouldn't want to reveal my IP).
I generally take my RAID and NIC offline when I try this, just to be safe.
I'm still learning about interrogating a Trojan using TDS-3 and haven't worked up the courage to actually do it yet.
With 400GB of usable storage and (currently) 8 or so OS installations (98\ME\W2K\XP) I'm slowly learning about security by trial and error. My next phase will be setting up a network and playing with Linux (want to build a Bastille hardened firewall).
I collect Blackhat links and read how they compromise systems, as well as preventative measures to be had in the security forums and reading rooms (SANS). Right now though I'm still boning up on W2K and XP Pro Group Policy security features and Intruder Detection schemes.
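The "watcher for the watchers" idea from post #11 (FileChecker / NIS FileCheck) and the filechecker-plus-comparison step in the test procedure above both come down to the same technique: hash every file in a directory tree before the test, store the hashes somewhere the test system cannot touch, and diff the tree afterwards. The following is an added example written for this thread, not code from FileChecker, NIS FileCheck or any other tool the posters name; the directory layout and file names in `demo()` are constructed for illustration.

```python
"""Baseline-and-compare file integrity checker (a "watcher for the watchers").

Added example: snapshot the files of a security tool's install directory,
save the hashes, and later diff the tree to see what was added, removed or
changed. All names here are assumptions for the example.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of one file, read in chunks so large binaries stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # do not follow links; skip anything that is not a plain file
            result[p.relative_to(root).as_posix()] = hash_file(p)
    return result


def save_baseline(snap: dict, path: Path) -> None:
    """Write the baseline as sorted JSON; keep this file off the test system."""
    path.write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: files that appeared, vanished, or changed content."""
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    modified = {p for p in set(baseline) & set(current) if baseline[p] != current[p]}
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a fake scanner directory, then tamper with it.

    The tampering (replaced executable, extra DLL, deleted config) is made up
    purely so the diff has something to report.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tool"
        (root / "sigs").mkdir(parents=True)
        (root / "scanner.exe").write_bytes(b"original scanner binary")
        (root / "scanner.ini").write_text("updates=daily\n")
        (root / "sigs" / "defs.dat").write_bytes(b"signature set 1")

        # Baseline lives outside the watched tree, as it would on removable media.
        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(snapshot(root), baseline_path)

        # Simulated changes after a test run.
        (root / "scanner.exe").write_bytes(b"replaced scanner binary")
        (root / "hook.dll").write_bytes(b"new file")
        (root / "scanner.ini").unlink()

        return compare(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s}", sorted(paths))
```

The diff is only as trustworthy as the stored baseline: keep `baseline.json` (or its hash) on write-protected or removable media, not on the drive being tested, otherwise whatever modifies `scanner.exe` can just as easily rewrite the record of what `scanner.exe` used to look like.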