General discussion

how to find protocol inside protocols

By riverdrift ·
Sometimes we receive mail with viruses, malware, spam, trojans etc., but most of these mails are coming through the HTTP port. But exactly there is an encapsulation: the virus or malware producers are putting their malware inside the HTTP protocol to hide it. Is there any functionality to find out whether it is malware-encapsulated data or legitimate data?


HTTPS/SSH should be more of a concern

by rbishops In reply to how to find protocol insi ...

Malware of any intelligence is going to use an encrypted protocol that would not allow the proper examination of the data. Even with HTTP, the malware may be using proper HTTP requests to pull down a Trojan stored on a web server. I feel the best approach is to follow the guidelines of using layered security.

Here are some ideas:
- Prevent any URL link in an email that is numeric in nature i.e. an IP address vs. a name. I use regular expressions to help identify these phishing approaches.

- Require authentication to reach Internet resources with an idle-timeout (say 10 minutes) to prevent unintentional access out of your network.

- Create firewall rules that meet your business needs, if protocols like SMTP, POP3, TELNET, or IRC (to name a few) are not typically run from client devices, then restrict those devices to only what is needed (HTTP, HTTPS, FTP, etc.) and open specific ports for servers and the applications they use.

- Implement URL filtering to prevent access to known security threats online.

- If possible, implement IDS / IPS that will watch for either known signatures or anomalies in your network, then alert or block when something doesn't look right.

- As always, keep AntiVirus products on email gateways, servers, and client devices; with regular updates and scans.

- Finally, using centralized logging and packet sniffers to report on and analyze your traffic to the internet will give you the most detailed look into what is going on, with IDS/IPS and syslogs being the bulk of your data.

I hope this helps.
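The "numeric URL" check from the post above, as an added example that is not the poster's own code: a small Python scanner that flags links whose host is an IP literal rather than a name. It goes beyond the post in two ways: it also catches bracketed IPv6 hosts, and it catches the bare decimal or hex integer hosts (for example `http://2130706433/`) that browsers silently accept as IPv4 addresses. A plain dotted-quad regex would miss both. The email bodies below are constructed samples, and the `192.0.2.x`, `198.51.100.x` and `2001:db8::` addresses are documentation ranges, not real hosts.

```python
import ipaddress
import re

# URL matcher: scheme, optional userinfo, then a host that is either a
# bracketed IPv6 literal or a run of non-delimiter characters, then an
# optional port and path. Good enough for email bodies; not a full RFC 3986 parser.
URL_RE = re.compile(
    r"\b(?:https?|ftp)://(?:[^\s/?#@]+@)?"
    r"(?P<host>\[[0-9a-fA-F:.]+\]|[^\s/?#:@\[\]]+)"
    r"(?::\d{1,5})?(?:[/?#][^\s<>\"')]*)?",
    re.IGNORECASE,
)

# Bare integer hosts, decimal or hex, which browsers also resolve as IPv4.
INT_HOST_RE = re.compile(r"0x[0-9a-f]+|\d+", re.IGNORECASE)


def host_is_ip(host: str) -> bool:
    """True if the URL host is an IP literal of any form a browser accepts."""
    candidate = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        # Validates dotted IPv4 and IPv6; rejects junk like 999.1.1.1 or example.org.
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        pass
    # Fallback for the integer forms ipaddress does not parse from a string.
    return INT_HOST_RE.fullmatch(candidate) is not None


def find_ip_urls(text: str) -> list[str]:
    """Return every URL in the text whose host is an IP literal."""
    return [m.group(0) for m in URL_RE.finditer(text) if host_is_ip(m.group("host"))]


# Constructed sample messages (hypothetical, not taken from any real mail).
SAMPLE_EMAILS = {
    "phish_v4": "Your account is locked. Verify at http://192.0.2.10/login now.",
    "legit": "Meeting notes are at https://example.com/notes as usual.",
    "mixed": "Slides: https://example.com/deck and ftp://198.51.100.7/pub/file.zip",
    "phish_v6": "Update here: http://[2001:db8::1]:8080/update",
    "obfuscated": "Click http://2130706433/ to confirm.",
    "version_noise": "Version 1.2.3.4 is out, see http://example.org/v1.2.3.4",
}

if __name__ == "__main__":
    for name, body in SAMPLE_EMAILS.items():
        hits = find_ip_urls(body)
        verdict = "FLAG" if hits else "ok  "
        print(f"{verdict} {name}: {hits}")
</test>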

thanks any software 4

by riverdrift In reply to HTTPS/SSH should be more ...

thanks
is there any software to implement all these
'cause implementing IDS/IPS is time-consuming. I'll have to take approval from the dept head.

Open Source IDS/IPS

by rbishops In reply to thanks any software 4

The most popular open source IDS/IPS is SNORT (http://www.snort.org/). SNORT is signature based. It could be your low-cost introduction to IDS/IPS to show proof of concept and value to the "Dept Head".

what are the differences

by riverdrift In reply to Open Source IDS/IPS

One more thing I'd like to know:
earlier, and even now, we have firewalls; later IDS; now we've got IPS.

What are the major differences between them?
How is each different from the others?
Please let me know in detail.


Do you know that this "question" belongs in the "Questions" forum?

by deepsand In reply to how to find protocol insi ...

The "Discussion" forum is for matters of general discussion, not specific problems in search of a solution.

Post problems such as this to the "Question" forum, rather than the "Discussion" forum. There are those who specifically seek out problems in need of a solution, and that's where they go to look for such.

Additionally, the "Question" forum provides for your rating the helpfulness of responses, so that others with the same or similar problem might be able to more easily find a solution.

ok

by riverdrift In reply to Do you know that this "qu ...

Actually, I recently joined, so I was not too aware of all this.

And, TR does not make the difference all that obvious at first glance.

by deepsand In reply to ok

Not to worry, you're in large company in this regard.

Welcome aboard.
