Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: HTTP Proxies used for Fighting Spyware: Feedback

  • From: trainier
  • Date: Fri Sep 23 15:35:51 2005

Apologies up-front if this really is off topic, but my experience with 
proxies and security, in general, might be of value in this case.

I use an HTTP proxy to help identify, block and report Spyware.  I'm using 
a squid proxy with a SquidGuard blacklist which I update more so than the 
community does.
As spyware hits our network here, I find their entries in the squid access 
log and add the entries to the blacklist.  The trouble is, I'm just one 
guy doing it when I can.  Perhaps
it would be of value to form a community that updates a centralized 
database (or just a flat text file, like squidguard does) which identifies 
and blacklists websites, domains and urls
which contain viruses/phishers/malware content?  I would most certainly be 
interested in working on a project like that.

However, much like my opinion on mitigating SPAM, I'm not convinced this 
is any sort of catch-all solution.  I manage malware protection, the same 
way I manage SPAM protection.  A slew of 2-5 mechanisms which work 
together to bring the best results whilst still maintaining the least 
number of false positives possible.

So, got some free time?  I'd gladly start a project/database/website to 
put a malware blacklist database together.  The key to it being 
successful, is unanimous decisions on what is blocked and what is not.

Again, if this is off-topic, my apologies.
Speaking of which, can someone re-point me to document that explains what 
is and is not considered to be on-topic?  :-)

Tim Rainier
Information Services, Kalsec, INC
trainier@kalsec.com



Two Bit <two.bit7@gmail.com> 
Sent by: owner-nanog@merit.edu
09/23/2005 03:17 PM
Please respond to
Two Bit <two.bit7@gmail.com>


To
nanog@merit.edu
cc

Subject
HTTP Proxies used for Fighting Spyware: Feedback






Hi there, long-time Nanog lurker network engineer with a (maybe off-topic) 
question related to network architecture solutions to fight the 
spyware/greyware problem.   I was wondering if anyone might have any 
experience deploying anti-spyware solutions which reside on HTTP Proxies.  
Several products claim to be able to detect spyware on the wire such as 
ISS, SonicWall, Fortinet, Astaro, BlueCoat.  However, I am concerned about 
the performance, especially since they have to use an AntiVirus product on 
the back-end (heavy processing).  Curious what the user experience might 
be, how effective any of these solutions are in really catching spyware, 
and any other operational experiences from engineers employing any of 
these solutions out in the field (not from vendors, please) that may help 
narrow down the choices.   Thanks for any input. 








Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.