On Saturday 31 July 2004 13:08, Cristiano Soares wrote:
> Hi All. I'm desperate to get my network back working fine. Here is
> my situation.
>
> I have a FC2 server that has two NICs. The first one is connected to
> my ADSL router, and the other one is connected to a network that
> receives IPs from that server through DHCPD service, and then the
> FC2 does the firewall/masquerade. All the 30 machines can browse nice
> until 2 or maybe more machines that have virus/worms get online. I've
> been seeing that W32.MsBlast is the cause of most of these link down
> problems, but now, it looks to be more than just w32.msblast. My
> question is: IS THAT POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING
> LIKE THAT IN THE FC2 SERVER TO PREVENT OR AT LEAST TO DETECT (by IP
> number) THE MACHINES THAT HAVE THE VIRUS, SO IT DOESN'T KILL MY
> CONNECTION. Thanks in advance.
>
> Cristiano

One possible solution to investigate is something like an Intrusion
Detection System which has the ability to react to an intrusion
("snort" has some capability along this line) which runs a script to
log in to a network switch and shut off the offending machine(s)
port(s).

A better approach might be to periodically scan your network for
vulnerable machines and disconnect them from the rest of the network
before they're infected until they can be properly updated. Several
free tools are available that detect vulnerable machines; nessus
(www.nessus.org) for example.

Assuming that your FC2 box is also acting as a firewall I'm curious as
to how your network machines are getting infected. If you're not
running a firewall you may strongly want to consider one.

Regards,

Mike Klinke
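
An added example, not part of the original thread: one way to identify worm-infected machines by IP at the gateway is to log new forwarded connections and flag LAN hosts that contact many distinct addresses on TCP 135, the port W32.MsBlast uses to spread. The log lines are constructed, and the iptables LOG rule, its `FWD-NEW:` prefix, the interface names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format the kernel writes for an iptables LOG
# rule on forwarded traffic. Hostname, prefix and addresses are made up.
SAMPLE_LOG = """\
Jul 31 13:01:02 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1034 DPT=135 SYN
Jul 31 13:01:02 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=203.0.113.6 LEN=48 TTL=127 PROTO=TCP SPT=1035 DPT=135 SYN
Jul 31 13:01:03 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=203.0.113.7 LEN=48 TTL=127 PROTO=TCP SPT=1036 DPT=135 SYN
Jul 31 13:01:03 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=203.0.113.8 LEN=48 TTL=127 PROTO=TCP SPT=1037 DPT=135 SYN
Jul 31 13:01:04 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=198.51.100.10 LEN=48 TTL=127 PROTO=TCP SPT=2001 DPT=135 SYN
Jul 31 13:01:05 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=198.51.100.10 LEN=48 TTL=127 PROTO=TCP SPT=2002 DPT=135 SYN
Jul 31 13:01:06 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.51 DST=198.51.100.80 LEN=60 TTL=63 PROTO=TCP SPT=3300 DPT=80 SYN
Jul 31 13:01:07 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.0.51 truncated
"""

LINE_RE = re.compile(r"\bSRC=(\S+) DST=(\S+) .*?\bPROTO=TCP\b.*?\bDPT=(\d+)\b")

def parse_line(line):
    """Return (src, dst, dport) for a logged TCP packet, or None if unparseable."""
    m = LINE_RE.search(line)
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def find_scanners(lines, ports=(135,), threshold=3):
    """Map each source IP to its count of distinct destinations on the watched
    ports, keeping only sources at or above the threshold (assumed value)."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] in ports:
            targets[rec[0]].add(rec[1])
    return {src: len(d) for src, d in sorted(targets.items()) if len(d) >= threshold}

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} contacted {n} distinct hosts on a watched port")
```

Counting distinct destinations rather than packets keeps a single client retrying one server from being flagged; the flagged addresses can then be matched against the DHCP leases to find the machines to disconnect.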