mailing list archives
From: "Griffin, Van" <Van.Griffin () xerox com>
Date: Wed, 15 Dec 2004 13:59:19 -0500
Yes. But it depends on what type of spyware is in question. Is the ports
used by spyware a universal thing? No it is not. Most spyware use a
dynamic UDP or TCP port.
Van L Griffin III - EDS Engineering
Supporting the Xerox Account
Phone: (585)231-0065 Intel: 10065
Email: Van.Griffin () usa xerox com
From: Matt Stern [mailto:sternm () comprehensive com]
Sent: Tuesday, December 14, 2004 5:38 PM
To: security-basics () lists securityfocus com
I was just wondering if spyware sends its answers "back home" on any
particular TCP or UDP port. If so, then couldn't I doubly safeguard the
LAN (after trying to keep all the spyware off the workstations) by
disallowing outbound communications via the firewall, for those ports?
Or conversely, instead of allowing all outbound traffic, only allow the
usual ports, such as 80, 443, 23, etc?
Matthew H. Stern, CCP/CDP, sternm () comprehensive com
Serving the IT industry since 1976
Comprehensive Computer Services Inc.
Phone: 631 755-2250, Fax 755-2254
560 Broad Hollow Road, Melville NY 11747