From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: Thu, 24 Feb 2005 00:02:24 +0100
It is possible (and very likely) that they are coming in over TCP port 80
(or UDP 53 -- used for DNS resolution).
Viruses will use ports that are likely to be opened (as mentioned TCP 80,
TCP 443, UDP 53, TCP 25, ...).
When I setup servers for my customers, I usually try to define rules on the
firewall that would prevent complete access to the internet from the servers
(but not the other way -- access from the internet to the server so that
visitors are able to access public websites). This way, I can prevent
administrators surfing the internet from the server and getting infected
from web sites (protects from viruses, spyware etc).
This doesn't prevent infection that would come from inside (e.g. internal
-- Mike Microsoft MVP - Windows Security "KC" <firstname.lastname@example.org> wrote in message news:Ow6jqmdGFHA.3964@TK2MSFTNGP14.phx.gbl... > Hello All: > > For the past several days, our virus software has found and deleted a > backdoor trojan which was destined for our webserver. This came from the > outside, not in since no other clients on the network show any signs of > infections. > > My question is this. How are these files being sent to the server. Is it > possible that they are coming in on port 80? > If not, how? > > Thanks > > KC > >