Security Basics mailing list archives

Re: Spyware

From: "Jon Lawhead" <samurai () berkeley edu>
Date: Wed, 15 Dec 2004 16:33:26 -0800

Hi Matt,

Unfortunately the spyware industry isn't nice enough to standardize what port its programs usewhen phoning home. You best bet would just be to prevent any unauthorized programs from gettingout; that way they'll be blocked no matter what port they try.



Jon Lawhead
UC Berkeley Rescomp/SINE

On Tue, 14 Dec 2004 17:37:48 -0500
 Matt Stern <sternm () comprehensive com> wrote:

Hello all:
I was just wondering if spyware sends its answers "back home" on any particular TCP or UDP port.If so, then couldn't I doubly safeguard the LAN (after trying to keep all the spyware off theworkstations) by disallowing outbound communications via the firewall, for those ports? Orconversely, instead of allowing all outbound traffic, only allow theusual ports, such as 80, 443, 23, etc?
Thanks.

--
Matthew H. Stern, CCP/CDP, sternm () comprehensive com
Serving the IT industry since 1976
Comprehensive Computer Services Inc.
www.comprehensive.com
Phone: 631 755-2250, Fax 755-2254
560 Broad Hollow Road, Melville NY 11747

Current thread:

Spyware Matt Stern (Dec 15)
- Re: Spyware dallas jordan (Dec 16)
- Re: Spyware Liran Cohen (Dec 16)
- Re: Spyware Jon Lawhead (Dec 16)
- <Possible follow-ups>
- RE: Spyware Gross Barry D. (Dec 16)
- RE: Spyware Jeff Gercken (Dec 16)
- RE: Spyware Griffin, Van (Dec 16)
- RE: Spyware Friend, Jason A Contractor/CoTs (Dec 16)
- RE: Spyware geraldf (Dec 16)
- RE: Spyware Paris E. Stone (Dec 17)