The virus get into the user machine by e-mail from other ISPs. Thats noway i can block e-mail ports. I blocked ports TCP 4444,135,445 and UDP 69, known as ports that w32.blaster and others worms use to spread in the network. I really want to be able to scan every package that pass through the firewall and see from witch host its comming from. Ex: host-192.168.1.175 is sending strange packages that maybe a virus attack. Thanks Cristiano ----- Original Message ----- From: "Jeff Vian" <jvian10@xxxxxxxxxxx> To: <lsomike@xxxxxxxxxx>; "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> Sent: Saturday, July 31, 2004 7:01 PM Subject: Re: virus/worms killing a network... > On Sat, 2004-07-31 at 16:14, Mike Klinke wrote: > > On Saturday 31 July 2004 15:56, Jeff Vian wrote: > > > > > > Assuming that your FC2 box is also acting as a firewall I'm > > > > curious as to how your network machines are getting infected. If > > > > you're not running a firewall you may strongly want to consider > > > > one. > > > > > > > > Regards, Mike Klinke > > > > > > Simple answer -- > > > 1) Uneducated users who open everything they get in the mail or by > > > instant messaging. > > > 2) No virus protection software loaded/not updated. > > > > > > The firewall would not block mail, and clueless users are the most > > > dangerous thing on any network. > > > > If my memory serves me the msblaster worm spread primarily by way of > > the MS bug addressed by: > > > > http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx > > > > That is the one he said was primary. However, he did say others viruses > were in the mix as well. And once it opened the back door from the > first machine it could then possibly provide access to outsiders to the > entire network. > > > but you're right that there was a e-mail vector as well. The other > > person needs to answer my question above before assuming it's only > > due to "stupid users." > > > > I agree that an answer to how the first infection got thru the firewall > (and if he has one) is the real issue here. Once the first one was > infected the rest are vulnerable because the source is inside any > firewall he had. > > > Regards, Mike Klinke > > > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list > >
