LIV - The Linux Integrated Viruswall

Thumbnail Image

Files

DIMVA2004-Medeiros.pdf (1.28 MB)

Date

2004-07

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Gesellschaft für Informatik

Abstract

This paper presents a system developed in Linux aiming the protection of local area networks containing Windows workstations against malicious agents. The developed solution, named LIV - Linux Integrated Viruswall, besides filtering SMTP, HTTP and FTP traffic destined to the protected network, is capable of detecting malicious agents propagation in the local area network using a technique that we call "sharing-trap". Compromised workstations are isolated from the network and their users are notified, stopping the malicious agent's spread. Results collected from a network protected by LIV, containing thousands of Windows workstations, are presented and discussed. This paper includes information about the recent incident caused by MyDoom worm.

Description

Table of contents

Keywords

Malware

Citation

Teobaldo A. Dantas de Medeiros; Paulo S. Motta Pires: LIV - The Linux Integrated Viruswall. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 187-200, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X.

URI

http://hdl.handle.net/2003/22790
 http://dx.doi.org/10.17877/DE290R-704

Collections

Papers