stewatts
asked on
Blaster Honeypot
Hi Guys
Does anyone know of a program similar to NetBususter but for Blaster?
I want a program to listen on the port that blaster communicates with and alert me when an infected machine tries to connect, along with the IP address of the machine?
Many thanks
Does anyone know of a program similar to NetBususter but for Blaster?
I want a program to listen on the port that blaster communicates with and alert me when an infected machine tries to connect, along with the IP address of the machine?
Many thanks
ASKER
Hi Rich
I don't have access to any of these products. Do you know of anything that I can download similar to netbuster for netbus?
Thanks for your help
I don't have access to any of these products. Do you know of anything that I can download similar to netbuster for netbus?
Thanks for your help
download zonealarm from zonelabs.. They have a free version and that should alert you when that port has activity (if you set the firewall rule up correctly)...
ASKER
I may have to resort to this but I am on a corporate network so this isn't ideal.
Ideally what I need is a standalone program that I can just have sat listening to traffic and alerting me to Blaster traffic.
Thanks guys
Ideally what I need is a standalone program that I can just have sat listening to traffic and alerting me to Blaster traffic.
Thanks guys
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
do you have a firewall on your corporate network itself? if so, just block the ports that blaster uses to communicate.... This should prevent the virus from getting into your network anyhow. Also, your IT department needs to make sure they have the latest security patches by MS... if you do these, you shouldn't have to worry about the existing versions of Blaster (or variants) out there...
ASKER
That's the problem. I AM the IT support.
I have just started and it's a bit of a mess. No central AV, multiple sites with various perm none perm network connections etc.
I know we have blaster on some machines but they are hard to find as they get switched on and off so I am looking for something that will sit and tell me when it detects an attempted infection.
I thought of SNORT/other firewalls but it's a hammer to walnut solution really. I will just have to go with this if nobody knows of another tool
Thanks guys
I have just started and it's a bit of a mess. No central AV, multiple sites with various perm none perm network connections etc.
I know we have blaster on some machines but they are hard to find as they get switched on and off so I am looking for something that will sit and tell me when it detects an attempted infection.
I thought of SNORT/other firewalls but it's a hammer to walnut solution really. I will just have to go with this if nobody knows of another tool
Thanks guys
I know of scanners... but they are HD scanners... what you may be able to do is use a logon script to scan peoples HD's for blaster, or others... it's easy to script McAfee's Stinger tool, and it finds about the 50 of the latest viri and thier variants... and cleans them. I'd make a netlogon script (.bat file) that says the following...
@echo off
Rem don't show output
copy Stinger.exe %userprofile%/desktop
sleep 3
Rem wait 3 seconds, then scan local HD's
%userprofile%/desktop/Stin
end
All you have to do is get stinger: http://vil.nai.com/vil/stinger/
Place it in the Netlogon directory on your domain controllers... when a user signs in, if they have the netlogon check mark on their account, the file should copy to their desktop, then run and log anything it finds (locally:( - then the next week, remove the script- and write one that will tell you who had the virus from the log file.
-rich
@echo off
Rem don't show output
copy Stinger.exe %userprofile%/desktop
sleep 3
Rem wait 3 seconds, then scan local HD's
%userprofile%/desktop/Stin
end
All you have to do is get stinger: http://vil.nai.com/vil/stinger/
Place it in the Netlogon directory on your domain controllers... when a user signs in, if they have the netlogon check mark on their account, the file should copy to their desktop, then run and log anything it finds (locally:( - then the next week, remove the script- and write one that will tell you who had the virus from the log file.
-rich
the old machine with default install of windows 2000/XP but put files watch, registry watcher and packet sniffer that logs.
etheral sniffer is best packet sniffer.
etheral sniffer is best packet sniffer.
-rich