Re: virus/worms killing a network...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The virus get into the user machine by e-mail from other ISPs. Thats noway i
can block e-mail ports. I blocked ports TCP 4444,135,445 and UDP 69, known
as ports that w32.blaster and others worms use to spread in the network. I
really want to be able to scan every package that pass through the firewall
and see from witch host its comming from. Ex: host-192.168.1.175 is sending
strange packages that maybe a virus attack.

Thanks

Cristiano


----- Original Message ----- 
From: "Jeff Vian" <jvian10@xxxxxxxxxxx>
To: <lsomike@xxxxxxxxxx>; "For users of Fedora Core releases"
<fedora-list@xxxxxxxxxx>
Sent: Saturday, July 31, 2004 7:01 PM
Subject: Re: virus/worms killing a network...


> On Sat, 2004-07-31 at 16:14, Mike Klinke wrote:
> > On Saturday 31 July 2004 15:56, Jeff Vian wrote:
> >
> > > > Assuming that your FC2 box is also acting as a firewall I'm
> > > > curious as to how your network machines are getting infected. If
> > > > you're not running a firewall you may strongly want to consider
> > > > one.
> > > >
> > > > Regards, Mike Klinke
> > >
> > > Simple answer --
> > > 1)  Uneducated users who open everything they get in the mail or by
> > > instant messaging.
> > > 2)  No virus protection software loaded/not updated.
> > >
> > > The firewall would not block mail, and clueless users are the most
> > > dangerous thing on any network.
> >
> > If my memory serves me the msblaster worm spread primarily by way of
> > the MS bug addressed by:
> >
> > http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
> >
>
> That is the one he said was primary.  However, he did say others viruses
> were in the mix as well.  And once it opened the back door from the
> first machine it could then possibly provide access to outsiders to the
> entire network.
>
> > but you're right that there was a e-mail vector as well. The other
> > person needs to answer my question above before assuming it's only
> > due to "stupid users."
> >
>
> I agree that an answer to how the first infection got thru the firewall
> (and if he has one) is the real issue here. Once the first one was
> infected the rest are vulnerable because the source is inside any
> firewall he had.
>
> > Regards,  Mike Klinke
> >
>
>
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
>




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux