Re: virus/worms killing a network...

From: Pedro Fernandes Macedo (webmaster_at_margo.bijoux.nom.br)
Date: 07/31/04

  • Next message: J.L. Coenders: "ksoftirqd" 
    Date: Sat, 31 Jul 2004 15:55:45 -0300
To: For users of Fedora Core releases <fedora-list@redhat.com>

    Cristiano Soares wrote:

    > Hi All. Im desperate to get my network back working fine. Here is my
    > situation.
    >
    > I have a FC2 server that has two NICs. The first one is connect to my
    > ADSL router, and the other one is connected to a network that receive
    > IPs from that server through DHCPD service, and then the FC2 do the
    > firewall/masquerade. All the 30 machines can browse nice until 2 or
    > maybe more machines that has virus/worms get online. Ive seeing that
    > W32.MsBlast is the cause of most of these link down problems, but now,
    > it looks to be more than just w32.msblast. My queston is: IS THAT
    > POSSIBLE TO INSTALL A SOFTWARE OR SOMETHING LIKE THAT IN THE FC2
    > SERVER TO PREVENT OR AT LEAST TO DETECT (by IP number) THE MACHINES
    > THAT HAS THE VIRUS, SO IT DOENST KILL MY CONNECTION. Thanks in advance.
    >
    >
    >
    > Cristiano
    >

    Besides removing the virus , the only things you can do are:
    1 - installing a AV software on all windows machines and keep it updated.
    2 - install all the updates.
    3 - block every unwanted incoming connection on your firewall. Only open
    the necessary ports.

    I do only #3 here (using a linksys cable router) and never had problems
    with worms like Blaster (which spreads through network shares and a few
    other ways). If you block all the unnecessary incoming trafic , you'll
    be almost safe. Just ensure that your users never have unnecessary
    privileges on the windows machines (never give poweruser or admin
    privileges , unless they really need it and revoke them as soon as the
    need finishes) , that they dont close the AV (kinda tricky.. dont know
    if this can be done) and teach them to use a mail client that isnt
    vulnerable to all those worms (which means , goodbye Outlook and Outlook
    Express). 

    --
Pedro Macedo
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: J.L. Coenders: "ksoftirqd"

    Relevant Pages

    • Re: Windows XP Pro Domain Login Fails (erratic behavior)
      ... Does this happen with all windows machines connected to that server? ... > are loan computers that my department provides to faculty when they are ... > domain users when entering their credentials (after the CTRL+ALT+DEL ...
      (microsoft.public.windowsxp.general)
    • Re: firewall question
      ... These daemons can be the ultimate in simplicity [the "echo" server, ... windows machines on a network, ... e-mails either to you (from other daemon processes, ...
      (alt.os.linux.suse)
    • RE: Copy + Paste in Quanta (FC2)
      ... Copy + Paste in Quanta (FC2) ... > basically a server, on which I also want to maintain some PHP code. ... provide much better performance than the open source driver from xorg. ...
      (Fedora)
    • Re: FC2 Issues
      ... whichs is mostly populated by people who actually work *on* Fedora. ... has one FC2 server and two FC2 workstations in testing... ... Whether you want to solve the problem, or want to bitch and moan, or want ...
      (Fedora)
    • Re: Cant get HP CIFS running ...
      ... and try HP CIFS 1.1 ... Windows machines log into a domain nor is there any domain ... server running the same Samba version that CIFS is suppsed ...
      (comp.os.vms)