IDS mailing list archives

Re: Tools to help incident response

From: Ron Gula <rgula () tenablesecurity com>
Date: Sat, 14 Oct 2006 08:53:36 -0400

Hello, 

You might want to try the windows version of ClamAV. I haven't tried
it personally, but it may be a suitable alternative to stinger. 

There are many types of P2P. You can find evidence of them with most 
vulnerability scanners such as Nessus. Most NIDS also have rules to
look for P2P apps as well. If you have budget for a commercial solution, 
our Passive Vulnerability Scanner lets you find P2P software through
direct network sniffing. It also finds most server and client 
vulnerabilities, ports that are open or used to browse, NAT devices
and so on. The URL for it is here:

http://www.tenablesecurity.com/products/pvs.shtml

Ron Gula, CTO
Tenable Network Security
http://www.nessus.org
http://www.tenablesecurity.com
http://blog.tenablesecurity.com


At 09:30 PM 10/12/2006, Johnny Wong wrote:

Hello,

I am part of the incident response team in my organization. Part of our daily task is to respond the virus/worm 
incidents by remote scanning the suspected machines. We have been using Stinger.exe from McAfee to do this. The pros 
of using Stinger are (1) it's lightweight, (2) it's command-line executed hence I could use Psexec with it. However, 
Stinger.exe hasn't been updated since May 06, and we have encountered situations where it failed to detect newer worm 
variants. Can anyone point me to other lightweight virus/worm scanners out there?

Secondly, we have been having problems with P2P software running in our networks. Time and again we have to use 
network logs to trace P2P-enabled machines and tell the owners of these machines to uninstall the offending software. 
Is there a scanning tool out there that can detect the presence of P2P software on a machine?

Thank you all,

J Wong
Singapore



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Tools to help incident response Johnny Wong (Oct 13)
- RE: Tools to help incident response Mark Brunner (Oct 16)
- Re: Tools to help incident response Ron Gula (Oct 16)
- <Possible follow-ups>
- RE: Tools to help incident response Chris Brown (Oct 16)