Re: [WISPA] Malware monitor Device
I have seen a demo of this product and think it might work the way you are talking..

http://www.trusteli.com/business/isp.php

Zack

On 5/15/07, Gino Villarini <[EMAIL PROTECTED]> wrote:

Is there any device on the market that would monitor that would sit between my network and my internet feed and do this:

1-monitor customer traffic
2-identify problematic traffic (malware, storms, etc.)
3- Redirect those customers to a Cleanup portal

Or can it be developed with the current open source tools? (nagios, Ntop, snort)?

Gino A. Villarini
[EMAIL PROTECTED]
Aeronet Wireless Broadband Corp.
tel 787.273.4143 fax 787.273.4145

--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Malware monitor Device
Mac what are you doing on this list? Did you get lost? (laughing spilling coffee on the keyboard)

Bo

On 5/15/07, Mac Dearman <[EMAIL PROTECTED]> wrote:

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of [EMAIL PROTECTED]
>
> If you're interested in one, talk to Mac Dearman. His company is a
> Barracuda reseller, and Mac's just a generally swell guy regardless. :)
>
> David Smith
> MVN.net

[Mac says:]
OK David - What are you up to? Are you in jail again and need bail money? :-)

Mac
RE: [WISPA] Malware monitor Device
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of [EMAIL PROTECTED]
>
> If you're interested in one, talk to Mac Dearman. His company is a
> Barracuda reseller, and Mac's just a generally swell guy regardless. :)
>
> David Smith
> MVN.net

[Mac says:]
OK David - What are you up to? Are you in jail again and need bail money? :-)

Mac
RE: [WISPA] Malware monitor Device
Here is the list of things I would do.

1) netflow

You can get some good information from netflow. It will track each connection and the amount of data pulled. Your routers need to support it. You can do this one with open source tools or with a commercial product.

http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html
http://www.onlamp.com/pub/a/bsd/2005/09/15/Big_Scary_Daemons.html
http://www.onlamp.com/pub/a/bsd/2005/10/27/Big_Scary_Daemons.html

This can provide you with a wealth of information. With proper reporting you can tell who uses the most bandwidth, what are the popular protocols, who sent the most email, etc.

2) Snort

I am not too familiar with snort; at my last job they used it on the internal network to detect infected student laptops. It was about 2500+ students, and a pretty hefty machine to digest all the data. This is another one that can be built as an open source system or you can probably find an appliance. As far as making Snort automatically block that, it may take some work. Although I am sure it has the ability to respond to specific traffic, I am not familiar with it enough to say how easy it is to set up.

Rather than having an automated system, you could have a CSR call the customers (not sure what your customer base is, so I can't say how feasible it is) that are infected and notify them that way; if you have the proper process you could even guide them through the cleanup. It's another source of revenue, or at least lets your customers hear from you once in a while.

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gino Villarini
Sent: Tuesday, May 15, 2007 12:31 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; WISPA General List
Subject: [WISPA] Malware monitor Device

Is there any device on the market that would monitor that would sit between my network and my internet feed and do this:

1-monitor customer traffic
2-identify problematic traffic (malware, storms, etc.)
3- Redirect those customers to a Cleanup portal

Or can it be developed with the current open source tools? (nagios, Ntop, snort)?

Gino A. Villarini
[EMAIL PROTECTED]
Aeronet Wireless Broadband Corp.
tel 787.273.4143 fax 787.273.4145
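[Added example, not part of the original thread.] The flow-based reporting described in the message above can be turned into a list of customers to send to a cleanup portal. The sketch below is illustrative code written for this page, not taken from any product or tool named in the thread; the customer address pool, the thresholds and the CSV layout of the flow export are all assumptions, and the flow records are constructed sample data.

```python
import csv, io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): customer address pool, thresholds,
# and the CSV column layout of the exported flow records.
CUSTOMER_NET = ip_network("10.20.0.0/16")
SMTP_FANOUT_LIMIT = 5     # distinct mail servers per reporting window
SCAN_FANOUT_LIMIT = 8     # distinct hosts probed on one port
SCAN_MAX_PACKETS = 3      # flows this small look like unanswered probes

def sample_flows():
    """Constructed flow export: src,dst,proto,dport,packets,bytes."""
    rows = ["src,dst,proto,dport,packets,bytes"]
    # 10.20.1.5: ordinary web browsing plus one mail submission
    rows += ["10.20.1.5,198.51.100.10,tcp,80,40,52000",
             "10.20.1.5,198.51.100.25,tcp,25,12,3400"]
    # 10.20.1.9: direct delivery to many mail servers (spam-bot pattern)
    rows += [f"10.20.1.9,203.0.113.{i},tcp,25,15,4100" for i in range(1, 9)]
    # 10.20.2.7: tiny flows to many hosts on tcp/445 (worm-style scanning)
    rows += [f"10.20.2.7,192.0.2.{i},tcp,445,1,48" for i in range(1, 13)]
    return "\n".join(rows)

def flag_customers(flow_csv):
    """Return {customer_ip: [reasons]} for hosts worth sending to cleanup."""
    smtp_peers = defaultdict(set)            # src -> distinct port-25 peers
    probe_peers = defaultdict(set)           # (src, dport) -> probed hosts
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if ip_address(row["src"]) not in CUSTOMER_NET:
            continue                         # only judge our own customers
        if row["proto"] == "tcp" and row["dport"] == "25":
            smtp_peers[row["src"]].add(row["dst"])
        if int(row["packets"]) <= SCAN_MAX_PACKETS:
            probe_peers[(row["src"], row["dport"])].add(row["dst"])
    flagged = defaultdict(list)
    for src, peers in smtp_peers.items():
        if len(peers) > SMTP_FANOUT_LIMIT:
            flagged[src].append(f"smtp-fanout:{len(peers)}")
    for (src, dport), peers in probe_peers.items():
        if len(peers) > SCAN_FANOUT_LIMIT:
            flagged[src].append(f"scan:{dport}:{len(peers)}")
    return dict(flagged)

if __name__ == "__main__":
    for ip, reasons in sorted(flag_customers(sample_flows()).items()):
        print(ip, ", ".join(reasons))
```

The flagged addresses are only candidates: a customer running a legitimate mail server would trip the SMTP rule, so the list suits a review step or a CSR call before any automatic redirect.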
Re: [WISPA] Malware monitor Device
> Is there any device on the market that would monitor that would sit
> between my network and my internet feed and do this:
> 1-monitor customer traffic
> 2-identify problematic traffic (malware, storms, etc.)
> 3- Redirect those customers to a Cleanup portal

I'm not sure whether it covers broadcast storms, but Barracuda Networks does offer a "spyware firewall." As I understand it, it's basically a transparent Web proxy, that bounces probably-infected PCs to itself, where there's a Web-based cleanup tool. Gets you most of the benefits of all your customers' PCs having Spybot or Ad-Aware installed (and up-to-date).

I've not used it, but I do own a couple of Barracuda's mail filtering boxes, and they generally work pretty well.

If you're interested in one, talk to Mac Dearman. His company is a Barracuda reseller, and Mac's just a generally swell guy regardless. :)

David Smith
MVN.net
[WISPA] Malware monitor Device
Is there any device on the market that would monitor that would sit between my network and my internet feed and do this:

1-monitor customer traffic
2-identify problematic traffic (malware, storms, etc.)
3- Redirect those customers to a Cleanup portal

Or can it be developed with the current open source tools? (nagios, Ntop, snort)?

Gino A. Villarini
[EMAIL PROTECTED]
Aeronet Wireless Broadband Corp.
tel 787.273.4143 fax 787.273.4145