On Sat, 2004-07-31 at 13:48, Mike Klinke wrote:
> On Saturday 31 July 2004 13:08, Cristiano Soares wrote:
> > Hi All. Im desperate to get my network back working fine. Here is
> > my situation.
> >
> > I have a FC2 server that has two NICs. The first one is connect to
> > my ADSL router, and the other one is connected to a network that
> > receive IPs from that server through DHCPD service, and then the
> > FC2 do the firewall/masquerade. All the 30 machines can browse nice
> > until 2 or maybe more machines that has virus/worms get online. Ive
> > seeing that W32.MsBlast is the cause of most of these link down
> > problems, but now, it looks to be more than just w32.msblast. My
> > queston is: IS THAT POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING
> > LIKE THAT IN THE FC2 SERVER TO PREVENT OR AT LEAST TO DETECT (by IP
> > number) THE MACHINES THAT HAS THE VIRUS, SO IT DOENST KILL MY
> > CONNECTION. Thanks in advance.
> >
> >
> >
> > Cristiano
>
>
> One possible solution to investigate is something like an Intrusion
> Detection System which has the ability to react to an intrusion
> ("snort" has some capability along this line) which runs a script to
> log in to a network switch and shutting off the offending machine(s)
> port(s).
>
> A better approach might be to periodically scan your network for
> vulnerable machines and disconnect them from the rest of the network
> before they're infected until they can be properly updated. Several
> free tools are available that detect vulnerable machines; nessus
> (www.nessus.org) for example.
>
> Assuming that your FC2 box is also acting as a firewall I'm curious as
> to how your network machines are getting infected. If you're not
> running a firewall you may strongly want to consider one.
>
> Regards, Mike Klinke
>
Simple answer --
1) Uneducated users who open everything they get in the mail or by
instant messaging.
2) No virus protection software loaded/not updated.
The firewall would not block mail, and clueless users are the most
dangerous thing on any network.
