virus/worms killing a network...
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Sat Jul 31 18:55:45 UTC 2004
Cristiano Soares wrote:
> Hi All. Im desperate to get my network back working fine. Here is my
> situation.
>
> I have a FC2 server that has two NICs. The first one is connect to my
> ADSL router, and the other one is connected to a network that receive
> IPs from that server through DHCPD service, and then the FC2 do the
> firewall/masquerade. All the 30 machines can browse nice until 2 or
> maybe more machines that has virus/worms get online. Ive seeing that
> W32.MsBlast is the cause of most of these link down problems, but now,
> it looks to be more than just w32.msblast. My queston is: IS THAT
> POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING LIKE THAT IN THE FC2
> SERVER TO PREVENT OR AT LEAST TO DETECT (by IP number) THE MACHINES
> THAT HAS THE VIRUS, SO IT DOENST KILL MY CONNECTION. Thanks in advance.
>
>
>
> Cristiano
>
Besides removing the virus , the only things you can do are:
1 - installing a AV software on all windows machines and keep it updated.
2 - install all the updates.
3 - block every unwanted incoming connection on your firewall. Only open
the necessary ports.
I do only #3 here (using a linksys cable router) and never had problems
with worms like Blaster (which spreads through network shares and a few
other ways). If you block all the unnecessary incoming trafic , you'll
be almost safe. Just ensure that your users never have unnecessary
privileges on the windows machines (never give poweruser or admin
privileges , unless they really need it and revoke them as soon as the
need finishes) , that they dont close the AV (kinda tricky.. dont know
if this can be done) and teach them to use a mail client that isnt
vulnerable to all those worms (which means , goodbye Outlook and Outlook
Express).
--
Pedro Macedo
More information about the fedora-list
mailing list