virus/worms killing a network...

Mike Klinke lsomike at futzin.com
Sat Jul 31 18:48:03 UTC 2004


On Saturday 31 July 2004 13:08, Cristiano Soares wrote:
> Hi All. I'm desperate to get my network back working fine. Here is
> my situation.
>
> I have a FC2 server that has two NICs. The first one is connected to
> my ADSL router, and the other one is connected to a network that
> receives IPs from that server through the DHCPD service, and then the
> FC2 does the firewall/masquerade. All the 30 machines can browse nicely
> until 2 or maybe more machines that have viruses/worms get online. I've
> been seeing that W32.MsBlast is the cause of most of these link down
> problems, but now, it looks to be more than just w32.msblast. My
> question is: IS IT POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING
> LIKE THAT IN THE FC2 SERVER TO PREVENT OR AT LEAST TO DETECT (by IP
> number) THE MACHINES THAT HAVE THE VIRUS, SO IT DOESN'T KILL MY
> CONNECTION? Thanks in advance.
>
>
>
> Cristiano


One possible solution to investigate is something like an Intrusion
Detection System which has the ability to react to an intrusion
("snort" has some capability along this line) and which runs a script to
log in to a network switch and shut off the offending machine(s)
port(s).

A better approach might be to periodically scan your network for
vulnerable machines and disconnect them from the rest of the network
before they're infected until they can be properly updated. Several
free tools are available that detect vulnerable machines; nessus
(www.nessus.org) for example.

Assuming that your FC2 box is also acting as a firewall, I'm curious as
to how your network machines are getting infected. If you're not
running a firewall you may want to strongly consider one.

Regards, Mike Klinke
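
An added example, not part of the original message: one way to detect by IP number, on the gateway itself, which LAN hosts are sweeping the Internet on TCP 135 (the port Blaster uses to spread). It assumes an iptables LOG rule on the FORWARD chain is already writing lines like the constructed, abbreviated sample below; the names `suspect_hosts`, `WORM_PORTS` and `THRESHOLD`, the log prefix and all addresses are illustrative.

```python
import re
from collections import defaultdict

# Assumption: Blaster-style worms spread by sweeping many addresses on TCP 135.
WORM_PORTS = {135}
THRESHOLD = 3  # distinct destinations before a host is flagged (low, to suit the sample)
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample of netfilter LOG lines (abbreviated; real lines carry more fields).
SAMPLE_LOG = """\
Jul 31 18:40:01 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=135 SYN
Jul 31 18:40:01 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.8 PROTO=TCP SPT=1046 DPT=135 SYN
Jul 31 18:40:02 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1047 DPT=135 SYN
Jul 31 18:40:02 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.10 PROTO=TCP SPT=1048 DPT=135 SYN
Jul 31 18:40:03 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=2001 DPT=135 SYN
Jul 31 18:40:04 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=2002 DPT=135 SYN
Jul 31 18:40:05 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=203.0.113.80 PROTO=TCP SPT=3100 DPT=80 SYN
Jul 31 18:40:09 fc2gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23
"""

def suspect_hosts(log_text, ports=WORM_PORTS, threshold=THRESHOLD):
    """Return {src_ip: distinct_destination_count} for hosts sweeping the given ports."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only new outbound TCP connection attempts are of interest.
        if fields.get("PROTO") != "TCP" or "SYN" not in line.split():
            continue
        try:
            dpt = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if dpt in ports and "SRC" in fields and "DST" in fields:
            # Count distinct destinations: a worm fans out, while a normal
            # client keeps talking to the same few servers.
            targets[fields["SRC"]].add(fields["DST"])
    return {ip: len(dsts) for ip, dsts in targets.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    for ip, count in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{ip} contacted {count} distinct hosts on worm ports")
```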