Re: Router/Switches and viruses

From: Robert Holtz (robert.d.holtz_at_gmail.com)
Date: 05/05/05

    Date: Thu, 5 May 2005 10:21:15 -0500
    To: Seek Knowledge <aseeker03@yahoo.com>
    
    

    Machines that scan for other machines to infect can easily bring a
    router to its knees. Blocking the outbound 13x port range and 445 at
    your egress stops a good deal of this. A single machine can easily
    knock down a T1 line. I've seen this happen.

    You should also block these ports inbound since outside infected
    machines can also eat up bandwidth.

    This will break over-the-internet Windows file sharing, but there are
    many other more secure methods for providing this type of access, so
    blocking these ports should not have any real effect.

    On 5/3/05, Seek Knowledge <aseeker03@yahoo.com> wrote:
    > Does anyone have any first-hand experience with a
    > single infected desktop machine (or windows server for
    > that matter) taking out a LAN switch? Would anyone
    > have any stories from the trenches of an infected
    > machine causing a directly connected router to stop
    > functioning?
    >
    > If so, what could be done to prevent such an outage?
    > What IDS/IPS strategy might one implement to prevent
    > and/or at least detect such an event?
    >
    > Thanks in advance.
    > ASeeker

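Added example, not part of the original message: one way to detect the scanning hosts the reply describes, by counting how many distinct destinations each source contacts on the blocked ports within a sliding time window. Reading "13x" as ports 135-139, the flow record layout, the thresholds and the sample records are all assumptions constructed for this illustration.

```python
from collections import defaultdict

# Assumption: "13x" in the message means the Windows RPC/NetBIOS ports 135-139.
WORM_PORTS = set(range(135, 140)) | {445}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = (
    # 10.0.0.23 sweeps 60 addresses on 445 within 6 seconds (scanning behaviour)
    [(1000 + i // 10, "10.0.0.23", f"192.0.2.{i + 1}", 445) for i in range(60)]
    # 10.0.0.7 talks to a single file server repeatedly (normal use)
    + [(1000 + i, "10.0.0.7", "10.0.0.2", 445) for i in range(30)]
    # 10.0.0.9 browses the web (port is not of interest here)
    + [(1000 + i, "10.0.0.9", f"198.51.100.{i + 1}", 80) for i in range(40)]
)


def find_scanners(flows, window=60, max_targets=20):
    """Return {src_ip: peak distinct destinations on WORM_PORTS seen in any
    `window`-second span} for sources whose peak exceeds `max_targets`."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in WORM_PORTS:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> events currently inside the window
        start = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Expire events that are `window` seconds old or older.
            while events[start][0] <= ts - window:
                old_dst = events[start][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_targets:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {peak} distinct targets on 135-139/445 within 60s")
```

Run against flow exports from the inside interface, this also catches infected hosts whose traffic the egress block is already dropping.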

