IDS mailing list archives

RE: Tools to help incident response

From: "Chris Brown" <chris () get-tuf com>
Date: Sat, 14 Oct 2006 07:18:53 +0100

Hi Johnny

Why not use a network based IDS/IPS to detect these traffic types?  I know
that McAfee IntruShield, amongst others, will detect (and block if required)
both of these as well as other malicious or unwanted traffic types.

Regards

Chris

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Johnny Wong
Sent: 13 October 2006 02:30
To: focus-ids () securityfocus com
Subject: Tools to help incident response

Hello,

I am part of the incident response team in my organization. Part of 
our daily task is to respond the virus/worm incidents by remote 
scanning the suspected machines. We have been using Stinger.exe from 
McAfee to do this. The pros of using Stinger are (1) it's 
lightweight, (2) it's command-line executed hence I could use Psexec 
with it. However, Stinger.exe hasn't been updated since May 06, and 
we have encountered situations where it failed to detect newer worm 
variants. Can anyone point me to other lightweight virus/worm 
scanners out there?

Secondly, we have been having problems with P2P software running in 
our networks. Time and again we have to use network logs to trace 
P2P-enabled machines and tell the owners of these machines to 
uninstall the offending software. Is there a scanning tool out there 
that can detect the presence of P2P software on a machine?

Thank you all,

J Wong
Singapore


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Tools to help incident response Johnny Wong (Oct 13)
- RE: Tools to help incident response Mark Brunner (Oct 16)
- Re: Tools to help incident response Ron Gula (Oct 16)
- <Possible follow-ups>
- RE: Tools to help incident response Chris Brown (Oct 16)