Home page logo
/

basics logo Security Basics mailing list archives

RE: Spyware
From: "Friend, Jason A Contractor/CoTs" <jason.friend () us army mil>
Date: Wed, 15 Dec 2004 12:56:12 -0600

From what I have seen of spyware it uses port TCP 80 to communicate so
it would be impossible to block it by TCP port.  There are several
websites where you can get a list of IP's that are known spyware and
block those. 


-----Original Message-----
From: Matt Stern [mailto:sternm () comprehensive com] 
Sent: Tuesday, December 14, 2004 4:38 PM
To: security-basics () lists securityfocus com
Subject: Spyware

Hello all:

I was just wondering if spyware sends its answers "back home" on any 
particular TCP or UDP port.  If so, then couldn't I doubly safeguard the

LAN (after trying to keep all the spyware off the workstations) by 
disallowing outbound communications via the firewall, for those ports? 
 Or conversely, instead of allowing all outbound traffic, only allow the

usual ports, such as 80, 443, 23, etc?

Thanks.

-- 
Matthew H. Stern, CCP/CDP, sternm () comprehensive com
Serving the IT industry since 1976
Comprehensive Computer Services Inc.
www.comprehensive.com
Phone: 631 755-2250, Fax 755-2254
560 Broad Hollow Road, Melville NY 11747


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]