Sounds like you are in need of a decent web content filter/proxy.

On Fri, Apr 16, 2010 at 4:44 AM, Saeid Ansaripour <[email protected]> wrote:

> Thank you Andre
>
> If I'm not mistaken, this script is only good for a linux machine.
> I'm trying to get a use out of ossec against fake anti-virus scanner problem
> that we have in our company on our windows machine.
>
> We have over 10,000 computers that all run windows xp, some of them have
> this rogue anti-virus on them which disables users from doing anything.
> I want to find a way to find out how they are coming to our network and then
> block it.
>
> They of course make changes to the system which can be detected by ossec in
> integrity check.
> But the question is how do I prevent them by using ossec or your script.
>
> Thanks
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Andre Pawlowski
> Sent: Thursday, April 15, 2010 1:44 PM
> To: [email protected]
> Subject: Re: [ossec-list] IPS
>
> It can block the attack. If it detects it in any log it can do any
> action you want. I've written a script that mirrors the attack back to
> the attacker ( http://h4des.org/source/blog/mirroring-traffic.sh.txt ).
>
> If you want more, you can combine it with snort or any other NIDS. Ossec
> is a great platform to manage action against intruders.
>
> Andre Pawlowski
>
> -------------------------------------------------------------------
>
> If an idea does not at first seem absurd, it is worthless.
> -Albert Einstein
>
> On 04/15/2010 05:35 PM, Saeid Ansaripour wrote:
> > Is ossec doing any kind of IPS at all.
> > It looks like ossec is more like a logging management than anything
> > else.
> > How does it prevent the intrusion if say a malware attacks a system?
