virus/worms killing a network...

Cristiano Soares stillnick2 at terra.com.br
Sun Aug 1 04:09:54 UTC 2004


The virus gets into the user's machine by e-mail from other ISPs. There's no way I
can block e-mail ports. I blocked ports TCP 4444, 135, 445 and UDP 69, known
as ports that w32.blaster and other worms use to spread in the network. I
really want to be able to scan every packet that passes through the firewall
and see which host it's coming from. Ex: host-192.168.1.175 is sending
strange packets that may be a virus attack.

Thanks

Cristiano


----- Original Message ----- 
From: "Jeff Vian" <jvian10 at charter.net>
To: <lsomike at futzin.com>; "For users of Fedora Core releases"
<fedora-list at redhat.com>
Sent: Saturday, July 31, 2004 7:01 PM
Subject: Re: virus/worms killing a network...


> On Sat, 2004-07-31 at 16:14, Mike Klinke wrote:
> > On Saturday 31 July 2004 15:56, Jeff Vian wrote:
> >
> > > > Assuming that your FC2 box is also acting as a firewall I'm
> > > > curious as to how your network machines are getting infected. If
> > > > you're not running a firewall you may strongly want to consider
> > > > one.
> > > >
> > > > Regards, Mike Klinke
> > >
> > > Simple answer --
> > > 1)  Uneducated users who open everything they get in the mail or by
> > > instant messaging.
> > > 2)  No virus protection software loaded/not updated.
> > >
> > > The firewall would not block mail, and clueless users are the most
> > > dangerous thing on any network.
> >
> > If my memory serves me the msblaster worm spread primarily by way of
> > the MS bug addressed by:
> >
> > http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
> >
>
> That is the one he said was primary.  However, he did say other viruses
> were in the mix as well.  And once it opened the back door from the
> first machine it could then possibly provide access to outsiders to the
> entire network.
>
> > but you're right that there was an e-mail vector as well. The other
> > person needs to answer my question above before assuming it's only
> > due to "stupid users."
> >
>
> I agree that an answer to how the first infection got thru the firewall
> (and if he has one) is the real issue here. Once the first one was
> infected the rest are vulnerable because the source is inside any
> firewall he had.
>
> > Regards,  Mike Klinke
> >
>
>
>
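
An added example, not part of the original thread: one way to see which internal host is generating worm-like traffic is to log packets to the blocked ports on the firewall and count, per source, how many distinct destinations it tried. The log prefix "FWD-DROP: ", the 192.168.1. internal range, the threshold of 3 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the poster blocked: TCP 4444, 135, 445 and UDP 69.
WORM_PORTS = {("TCP", 4444), ("TCP", 135), ("TCP", 445), ("UDP", 69)}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample of iptables LOG output. Assumes a rule such as
#   iptables -A FORWARD -p tcp --dport 135 -j LOG --log-prefix "FWD-DROP: "
# placed ahead of each DROP rule (one per blocked port).
SAMPLE_LOG = """\
Aug  1 04:01:12 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.175 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1034 DPT=135 SYN
Aug  1 04:01:12 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.175 DST=198.51.100.8 LEN=48 TTL=127 PROTO=TCP SPT=1035 DPT=135 SYN
Aug  1 04:01:13 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.175 DST=198.51.100.9 LEN=48 TTL=127 PROTO=TCP SPT=1036 DPT=445 SYN
Aug  1 04:01:14 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.175 DST=198.51.100.7 LEN=48 TTL=127 PROTO=UDP SPT=1040 DPT=69 LEN=28
Aug  1 04:02:40 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.50 LEN=48 TTL=127 PROTO=TCP SPT=2211 DPT=445 SYN
Aug  1 04:03:05 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=198.51.100.60 LEN=48 TTL=127 PROTO=TCP SPT=3001 DPT=80 SYN
"""

def suspicious_hosts(lines, internal_prefix="192.168.1.", min_targets=3):
    """Map each internal source IP to the distinct destinations it tried on
    worm ports, keeping only sources with at least min_targets destinations."""
    targets = defaultdict(set)
    for line in lines:
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # first occurrence is the outer packet
        if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
            continue  # e.g. ICMP lines carry no DPT
        if not fields["DPT"].isdigit():
            continue  # malformed or truncated line
        if not fields["SRC"].startswith(internal_prefix):
            continue  # only interested in hosts behind the firewall
        if (fields["PROTO"], int(fields["DPT"])) in WORM_PORTS:
            targets[fields["SRC"]].add(fields["DST"])
    # One stray packet is usually noise; many distinct targets looks like scanning.
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for host, dests in suspicious_hosts(SAMPLE_LOG.splitlines()).items():
        print(f"{host} tried {len(dests)} hosts on worm ports: {', '.join(dests)}")
```
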





