scan TCP packets

[Zirus]

is there a way you can setup a firewall of sorts that will scan all packets for viruses? Would an idea like this even work? or does a product already exist?

[k22]

never used it, but a quick search turned up this

http://en.wikipedia.org/wiki/Snort_(software)

"Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE, in the network layer 3 and 4, is possible with historical observation."

[leovanham]

no. Just to clearify, packets don't contain virusses, when a file is being transfered over a network it does so by splitting this file up into packets (simple explanation) what you can do is download a network security scanner that scans all of your computers for known trojan/virusses ports.

[RaisinCain]

  leovanham said:

no. Just to clearify, packets don't contain virusses, when a file is being transfered over a network it does so by splitting this file up into packets (simple explanation) what you can do is download a network security scanner that scans all of your computers for known trojan/virusses ports.

WTF? :no:

[sir.speakalot]

Might want to look for a packet inspecting firewall, not a stateful firewall as they do not look inside the packet. Another possiblity is looking into an IPS (intrusion prevention system). In my opinion, the best thing is to purchase anti virus and keep it up to date if you are concerned about getting a virus (that is if you already have a firewall). If you want to see what the packets look like, might want to use Ethereal / Wireshark which will show you the ports, destination, origin, the various OSI layers, etc... of each packet coming and going from your machine.