Am Sa, den 31.07.2004 schrieb Cristiano Soares um 20:08: > I have a FC2 server that has two NICs. The first one is connect to my ADSL router, and the other > one is connected to a network that receive IPs from that server through DHCPD service, and then > the FC2 do the firewall/masquerade. All the 30 machines can browse nice until 2 or maybe more > machines that has virus/worms get online. Ive seeing that W32.MsBlast is the cause of most of > these link down problems, but now, it looks to be more than just w32.msblast. My queston is: IS > THAT POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING LIKE THAT IN THE FC2 > SERVER TO PREVENT OR AT LEAST TO DETECT (by IP number) THE MACHINES THAT > HAS THE VIRUS, SO IT DOENST KILL MY CONNECTION. Thanks in advance. > Cristiano Install an anti-virus tool on each of the Windows[tm] machines to desinfect them and protect them for the future. Install all available updates from the MS update site. If you want to find out the bad hosts from you Linux host you certainly will have to check which ports these worms use and then run a portscan against all of the hosts, using nmap. You can too switch on each Windows[tm] machine one by one and observe the traffic on the NAT machine to see whether the single running Win machine tries to "telephone" with other machines. It would be very helpful too to know the ports the worm uses. In general configure your NAT server properly with a good firewalling setup! This will not protect against all kind of worms because many install through Windows[tm] misdesign, security bugs or simply by mail. Let none of the Windows[tm] hosts run with administrator privileges! Alexander P.S. Please don't post html formatted mail to the list, just plain text mail. Don't shout out. We all understand your question without the need to cry (capital letter sentences). -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp Serendipity 20:17:18 up 1:42, 8 users, 0.02, 0.08, 0.15
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil