-
August 25th, 2003, 07:41 PM
#1
Junior Member
Securing a network against MSBlast
Hi,
I was wondering what the best way to protect a network against the MSBlaster worms is, other than patching all the boxes... I ask this because I was wondering what the school I am attending would do... Is it as simple as not allowing traffic over port 135? Not allowing TFTP??? Those are a few things that they have mentioned doing...
Thank you!
-
August 25th, 2003, 07:46 PM
#2
Block 135 inbound and tftp outbound and you should be fine.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 25th, 2003, 07:55 PM
#3
Member
But it is also a good idea to patch the machines, you never know....maybe someone inside your network might bring the virus on a disk and have it infect internally.
-
August 25th, 2003, 08:01 PM
#4
We were protected at the perimeter (firewalled the known ports it uses) however, the virus did get inside through other means. All unpatched boxes were infected.
I'd say take both recommendations and use it as a tiered strategy. If our admins would have done so, my life would have been much easier last week.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 25th, 2003, 08:06 PM
#5
I find that using a Macintosh Powerbook does a pretty good job also
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
August 25th, 2003, 08:11 PM
#6
We blocked tftp and MSRPC at our perimeter and that worked for a good while; however, should have paid more attention to our backdoors (dialup/vpn). That opened the door before we could close it again...of course now we are and have blocked/monitored there as well and aside from the occasional schmuck bringing in infected laptops things have been pretty quiet...
Guess the point is, even with a good hard perimeter...a soft gooey center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
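Added example, not part of any post in this thread: one way to do the internal monitoring described above, flagging inside hosts that fan out on TCP 135 or attempt outbound TFTP (UDP 69). The log format, the 10.0.0.0/8 internal range, the threshold and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
FANOUT_THRESHOLD = 3                 # assumption: distinct tcp/135 targets before flagging

# Constructed sample firewall log: time src dst proto dport action
SAMPLE_LOG = """\
2003-08-25T19:00:01 10.1.2.30 10.1.2.31 tcp 135 deny
2003-08-25T19:00:01 10.1.2.30 10.1.2.32 tcp 135 deny
2003-08-25T19:00:02 10.1.2.30 10.1.2.33 tcp 135 deny
2003-08-25T19:00:02 10.1.2.30 10.1.2.34 tcp 135 deny
2003-08-25T19:00:05 10.1.7.8 192.0.2.10 udp 69 deny
2003-08-25T19:00:06 10.1.9.9 10.1.0.5 tcp 135 allow
2003-08-25T19:00:07 10.1.9.9 198.51.100.4 tcp 80 allow
2003-08-25T19:00:08 192.0.2.77 10.1.2.40 tcp 135 deny
malformed line
"""

def suspect_hosts(log_text, threshold=FANOUT_THRESHOLD):
    """Return {internal_host: [reasons]} for hosts that look infected."""
    rpc_targets = defaultdict(set)  # src -> distinct tcp/135 destinations
    tftp_out = defaultdict(int)     # src -> TFTP attempts leaving the network
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        _, src, dst, proto, dport, _ = fields
        try:
            src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue
        if src_ip not in INTERNAL:
            continue  # inbound probes are the perimeter filter's job
        if proto == "tcp" and port == 135:
            rpc_targets[src].add(dst)
        elif proto == "udp" and port == 69 and dst_ip not in INTERNAL:
            tftp_out[src] += 1
    findings = {}
    for host, targets in rpc_targets.items():
        # One RPC connection is normal Windows traffic; a sweep is not.
        if len(targets) >= threshold:
            findings.setdefault(host, []).append(f"tcp/135 fan-out to {len(targets)} hosts")
    for host, count in tftp_out.items():
        findings.setdefault(host, []).append(f"{count} outbound tftp attempt(s)")
    return findings
```

Hosts returned by `suspect_hosts(SAMPLE_LOG)` are the ones to pull off the network and patch; denied packets count too, since a blocked attempt still identifies the infected source.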
-
August 25th, 2003, 08:17 PM
#7
Originally posted here by nebulus200
Guess the point is, even with a good hard perimeter...a soft gooey center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.
That's something that no one ever thinks about. You put up a concrete wall but it doesn't do anything when you leave the window open.
-- souleman
-
August 25th, 2003, 08:18 PM
#8
Originally posted here by souleman
I find that using a Macintosh Powerbook does a pretty good job also
A Linux or BSD box also works well. There is one XP box on my network and that's it, it has patches installed, a firewall, Anti virii....Should be fine.
-
August 25th, 2003, 08:20 PM
#9
Originally posted here by gore
A Linux or BSD box also works well. There is one XP box on my network and that's it, it has patches installed, a firewall, Anti virii....Should be fine.
Welp, I have over 60000 users on my network with about 59500 of them being not the sharpest tools in the shed, so you can imagine what I have had to deal with :/
/nebulus
-
August 25th, 2003, 08:49 PM
#10
Junior Member
I have over 999999999 users on my network and it is hard too :-p
Just kidding, Felt Like I had to say something stupid.
FeN-i-X - We all have to start somewhere and we all start at the bottom...