free portable network scanner for bot / malware / virus ?

IAmForum

Weaksauce
Joined
Jan 17, 2020
Messages
80
I was alerted by Spectrum that one of our offices has a device with bot / malware / virus on the network.
I am looking for a way to scan the network for anything like that.

Are there any free portable options ?
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,956
And how did they determine one of your offices has a device with a bot/malware?

The first stop would be your perimeter firewalls to see what device is sending out traffic it should not? Is there any monitoring on those? or logs? Who is in charge of your firewalls?
Next question is, what are your offices using for AV or other protection apps?How is it managed?

If you have tools on your network, and proper business' level tools, you should easily be able to find a device that is not acting properly.

And lastly, you now need to consider your entire network could be compromised...
 

IAmForum

Weaksauce
Joined
Jan 17, 2020
Messages
80
I am the new IT Director here, and they let the firewall subscriptions lapse.
I am getting quotes for the renewals or another solution entirely, but I wanted to be able to scan the network in the meantime.
The internet provider is the one that alerted us to this potential issue.
They even said it could be nothing, but I have to verify.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
877
I am the new IT Director here, and they let the firewall subscriptions lapse.
I am getting quotes for the renewals or another solution entirely, but I wanted to be able to scan the network in the meantime.
The internet provider is the one that alerted us to this potential issue.
They even said it could be nothing, but I have to verify.
It is highly unlikely you will find anything free to scan a network. The best you'll be able to do for free will be individual workstation scanning. If you've a proper relationship with your firewall vendor you could perhaps convince them to provide some "eval" tools. Otherwise start combing your firewall logs. Lasped licenses or not there should be logs.
 

philb2

Gawd
Joined
May 26, 2021
Messages
1,014
I am the new IT Director here, and they let the firewall subscriptions lapse.
I am getting quotes for the renewals or another solution entirely, but I wanted to be able to scan the network in the meantime.
The internet provider is the one that alerted us to this potential issue.
They even said it could be nothing, but I have to verify.
I hafta ask a possibly dumb question. With all the news lately about ransomware, data lossses, theft of customer sensitive data, and whatnot, exactly how and why did the company decide to let the firewall subscription lapse? :confused: Twenty-plus years ago, I was the product manager for my company's firewall product. Even before the cloud. :) These days it's hard to imagine a company without a firewall, although firewalls are by no means sufficient for best-efforts corporate info security.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
877
I hafta ask a possibly dumb question. With all the news lately about ransomware, data lossses, theft of customer sensitive data, and whatnot, exactly how and why did the company decide to let the firewall subscription lapse? :confused: Twenty-plus years ago, I was the product manager for my company's firewall product. Even before the cloud. :) These days it's hard to imagine a company without a firewall, although firewalls are by no means sufficient for best-efforts corporate info security.
It is very likely they have a firewall of some capacity. It will be missing capabilities such as updated attack signatures and such. Very few enterrpise firewalls these days stop being a basic firewall when lics expire. Those I am aware of that do also fail closed ie stop forwarding packets meaning they block all traffic in and out. You would be be shocked at the number of LARGE companies that allow firewall feature lics to expire.
 

philb2

Gawd
Joined
May 26, 2021
Messages
1,014
You would be be shocked at the number of LARGE companies that allow firewall feature lics to expire.
Actually I would not. Back when I was the product manager for the firewall business for a very large, but now merged out of existence, systems company, the sales guys would often email for help for customers where the IT guys understood the need for a firewall, but the line-of-business guys didn't want to impact their profit margin. Sadly, there may be a new generation of line-of-business managers, but they are no smarter than their predecessors.

True story: About 5 years ago, I discovered that this person I was working with in a personal capacity had a serious security breach of their business web site. This person was a INVESTMENT ADVISOR to people could could justify having a personal manager for their investments. When I told her about the security issue, her response was, "Oh, I guess I should tell my husband about it. Maybe he can fix it." Absolutely, double-pinkie swear, true story.
 

IAmForum

Weaksauce
Joined
Jan 17, 2020
Messages
80
It is very likely they have a firewall of some capacity. It will be missing capabilities such as updated attack signatures and such. Very few enterrpise firewalls these days stop being a basic firewall when lics expire. Those I am aware of that do also fail closed ie stop forwarding packets meaning they block all traffic in and out. You would be be shocked at the number of LARGE companies that allow firewall feature lics to expire.
Yes. The firewalls still work, but no updates or anti virus / etc.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
877
fortigate 80e
Since lics were expired I'm going out on a limb and guessing no FAZ or other logging platform and no siem either? So basically no logs beyond the rolling log of the FGT. OUCH! While your getting the lics renewed have mgmt drop for FAZ. I know there is a free 3 device FMG lic for the vm version, using this at home, so there may be a free lic for the FAZ as well. Its better than nothing but you really want support so mgmt should step up. Once mgmt steps up you easily make nice executive appropriate security reports with a FAZ showing where the money goes.

PS Since you had expired lics you likely did not get the latest PSIRT notice. If you're running 7.x code move to 7.0.7 or 7.2.2 ASAP!!


Yes there is a free FAZ lic.
https://docs.fortinet.com/document/fortianalyzer/7.0.0/vm-trial-license-guide/200800/introduction

There is also the Forticloud option but for logs over 30 days you have to pay. That is still better than nothing but ... security logs ... cloud ... hard pass
 
Last edited:
Top