Securing a network against MSBlast

[DivineRogue]

Hi,

I was wondering what the best way to protect a network against the MSBlaster worms are other than patching all the boxes... I ask this because I was wondering what the school I am attending would do... Is it as simple as not allowing traffic over port 135? not allowing TFTP??? Those are a few things that they have mentioned about doing...

Thank you!

[Tiger Shark]

Block 135 inbound and tftp outbound and you should be fine.

[wassup]

but it is also a good idea to patch the machines, u never know....maybe someone inside ur network might brink the virus on a disk and have it infect internally.

[thehorse13]

We were protected at the perimeter (firewalled the known ports it uses) however, the virus did get inside through other means. All unpatched boxes were infected.

I'd say take both recommendations and use it as a tiered strategy. If our admins would have done so, my life would have been much easier last week.

--TH13

[souleman]

I find that using a Macintosh Powerbook does a pretty good job also

[nebulus200]

We blocked tftp and MSRPC at our perimeter and that worked for a good while; however, should have paid more attention to our backdoors (dialup/vpn). That opened the door before we could close it again...of course now we are and have blocked/monitored there as well and aside from the occasionaly schmuck bringing in infected laptops things have been pretty quiet...

Guess the point is, even with a good hard perimeter...a soft gooy center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.

/nebulus

[souleman]

Originally posted here by nebulus200

Guess the point is, even with a good hard perimeter...a soft gooy center still leaves you open to other threats, it is just a matter of time (be it a backdoor, people plugging up other equipment, etc). Best thing you can do is make sure you are not vulnerable by using a scanner (Retina has one that is free for this vulnerability and I think the SANS folks released one too) and to patch up any vulnerable machines.

Thats something that no one ever thinks about. You put up a concrete wall but it doesn't do anything when you leave the window open.

[gore]

Originally posted here by souleman
I find that using a Macintosh Powerbook does a pretty good job also

A Linux or BSD box also works well. There is one XP box on my network and thats it, it has patches installed, a firewall, Anti virii....Should be fine.

[nebulus200]

Originally posted here by gore


A Linux or BSD box also works well. There is one XP box on my network and thats it, it has patches installed, a firewall, Anti virii....Should be fine.

Welp, I have over 60000 users on my network with about 59500 of them being not the sharpest toosl in the shed, so you can imagine what I have had to deal with :/

/nebulus

[FeN-i-X]

I have over 999999999 users on my netowrk and it is hard too :-p





Just kidding, Felt Like I had to say something stupid.