Firewall software
 

OK, here is the deal. Our network at school here is sending out a Trojan virus through our ethernet which apparently can scan your computer and capture password usage and a bunch of other information that they have no real right to see. Anyways, I am looking for some kind of monitoring program that can filter what packets are allowed onto my system. Can you set up Ethereal to do this? If not, can someone point me to another program....right now my firewall is set to default high, which I think should be enough, but Im not sure. Any help would be greatly appreciated, and this is no BS, my roomate just caught them sending the virus to him, but he uses XP and it allerted him somehow....can anyone help me set Linux to do the same? Thanks all.

I'm just a Linux newbie, but I can provide some small bit of information. I had read that setting the firewall to high closes ports. It only allows the ethernet port (eth0) to be open.

A virus usually scans through open ports, so if the firewall is set to high it should be safe, just don't open any email attachments.

Awesome, thats pretty much what I thought, but people are saying it came through the network here......I dont know if they hid it in packets coming through the ethernet cable (disguised as noraml traffic if possible) or what....is there any way I can have Linux's firewall notify if something like a virus comes through the ethernet or something? Thanks all.

Well to start off, next time try using a better thread title instead of "Help, Urgent". That doesn't tell us what your problem is by browsing the forums.

Second, why is your school sending out a trojan ? Do they know about this ? Have they tried seeing which machines are infected. It would probably be wise to shutdown these services so they don't keep infecting others or sending out these viruses.

You may want to look and search the security forum for programs that have been mentioned. And if your using iptables, ipchains or whatever program your using for your system/firewall now, there should be some sort of log file that captures what is going on.

What firewall program are you using now, that might help others when answering your questions ?

please do not mark anything as "urgent".

My apologies on urgent, I didnt know it would cause hysteria in the forums. Ouor netwrok isnt infected, the people who run our network are sending these Trojans so they can monitor exactly what we do on our computers.....I was just looking for a way to be warned if they were sending stuff my way, or if I already had the trojan......