Securing a network against MSBlast
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Securing a network against MSBlast

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    29

    Securing a network against MSBlast

    Hi,

    I was wondering what the best way to protect a network against the MSBlaster worms are other than patching all the boxes... I ask this because I was wondering what the school I am attending would do... Is it as simple as not allowing traffic over port 135? not allowing TFTP??? Those are a few things that they have mentioned about doing...

    Thank you!

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Block 135 inbound and tftp outbound and you should be fine.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Member
    Join Date
    Sep 2002
    Posts
    74
    but it is also a good idea to patch the machines, u never know....maybe someone inside ur network might brink the virus on a disk and have it infect internally.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    We were protected at the perimeter (firewalled the known ports it uses) however, the virus did get inside through other means. All unpatched boxes were infected.

    I'd say take both recommendations and use it as a tiered strategy. If our admins would have done so, my life would have been much easier last week.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    I find that using a Macintosh Powerbook does a pretty good job also
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    We blocked tftp and MSRPC at our perimeter and that worked for a good while; however, should have paid more attention to our backdoors (dialup/vpn). That opened the door before we could close it again...of course now we are and have blocked/monitored there as well and aside from the occasionaly schmuck bringing in infected laptops things have been pretty quiet...

    Guess the point is, even with a good hard perimeter...a soft gooy center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Originally posted here by nebulus200

    Guess the point is, even with a good hard perimeter...a soft gooy center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.
    Thats something that no one ever thinks about. You put up a concrete wall but it doesn't do anything when you leave the window open.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by souleman
    I find that using a Macintosh Powerbook does a pretty good job also
    A Linux or BSD box also works well. There is one XP box on my network and thats it, it has patches installed, a firewall, Anti virii....Should be fine.

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Originally posted here by gore


    A Linux or BSD box also works well. There is one XP box on my network and thats it, it has patches installed, a firewall, Anti virii....Should be fine.

    Welp, I have over 60000 users on my network with about 59500 of them being not the sharpest toosl in the shed, so you can imagine what I have had to deal with :/

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Junior Member
    Join Date
    Aug 2002
    Posts
    4

    Wink

    I have over 999999999 users on my netowrk and it is hard too :-p





    Just kidding, Felt Like I had to say something stupid.
    FeN-i-X - We all have to start someware and we all start at the bottom...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •