virus/worms killing a network...

[Pedro Fernandes Macedo]

Cristiano Soares wrote:

> Hi All. Im desperate to get my network back working fine. Here is my 
> situation.
>
> I have a FC2 server that has two NICs. The first one is connect to my 
> ADSL router, and the other one is connected to a network that receive 
> IPs from that server through DHCPD service, and then the FC2 do the 
> firewall/masquerade. All the 30 machines can browse nice until 2 or 
> maybe more machines that has virus/worms get online. Ive seeing that 
> W32.MsBlast is the cause of most of these link down problems, but now, 
> it looks to be more than just w32.msblast. My queston is: IS THAT 
> POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING LIKE THAT IN THE FC2 
> SERVER TO PREVENT OR AT LEAST TO DETECT (by IP number) THE MACHINES 
> THAT HAS THE VIRUS, SO IT DOENST KILL MY CONNECTION. Thanks in advance.
>
>  
>
> Cristiano
>

Besides removing the virus , the only things you can do are:
1 - installing a AV software on all windows machines and keep it updated.
2 - install all the updates.
3 - block every unwanted incoming connection on your firewall. Only open 
the necessary ports.

I do only #3 here (using a linksys cable router) and never had problems 
with worms like Blaster (which spreads through network shares and a few 
other ways). If you block all the unnecessary incoming trafic , you'll 
be almost safe. Just ensure that your users never have unnecessary 
privileges on the windows machines (never give poweruser or admin 
privileges , unless they really need it and revoke them as soon as the 
need finishes) , that they dont close the AV (kinda tricky.. dont know 
if this can be done) and teach them to use a mail client that isnt 
vulnerable to all those worms (which means , goodbye Outlook and Outlook 
Express).

--
Pedro Macedo