This paper presents a system developed in Linux aiming the protection of local area networks containing Windows workstations against malicious agents. The developed solution, named LIV - Linux Integrated Viruswall, besides filtering SMTP, HTTP and FTP traffic destined to the protected network, is capable of detecting malicious agents propagation in the local area network using a technique that we call "sharing-trap". Compromised workstations are isolated from the network and their users are notified, stopping the malicious agent's spread. Results collected from a network protected by LIV, containing thousands of Windows workstations, are presented and discussed. This paper includes information about the recent incident caused by MyDoom worm.
Teobaldo A. Dantas de Medeiros, Paulo S. Motta Pir