The Blaster worm exploits a vulnerability in the DCOM RPC component in Windows. RPC is used for accepting requests from remote computers. RPC/DCOM listens on TCP 135 and other ports. Successfully compromising an unpatched Windows box requires that TCP 135 or other ports be accessible. I've seen RPC ports other than 135 being probed, e.g. TCP/UDP 593. In a default PIX configuration, any unrequested incoming traffic is denied by default. If you've mapped a global address to an unpatched/unprotected box and have allowed TCP 135 into it then that box is vulnerable from the Internet.
On the LAN any unpatched Windows box is vulnerable if a mobile user plugs an infected machine into the network. To mitigate chances of infection you could use updated AV software, or the ICF if you're using XP, or if you're using Windows 2000 you can use TCP/IP filtering. See http://support.microsoft.com/default.aspx?kbid=826955

Vijay Ramcharan

-----Original Message-----
From: Richard Campbell [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 3:47 AM
To: [EMAIL PROTECTED]
Subject: how does firewall & switch port block Blaster virus? [7:74092]

Hi..

My friends told me that, other than the Microsoft patches that can prevent the Blaster virus, a firewall and blocking switch ports can block the virus too. Is there any configuration that needs to be added in my PIX and Cisco switch ports in order to block them? If yes, is there any example?? But I don't understand the concept, can you explain to me the concept? How can a firewall and switch port block a virus??? For example, my PIX disallows every incoming traffic except the ping reply, doesn't it mean it blocks the virus too??

**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74102&t=74102
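
The default-deny behaviour discussed in this thread, as an added example that is not part of the original messages: a small first-match evaluator for a simplified subset of PIX-style `access-list` lines that reports which inside hosts are reachable from outside on the RPC ports named above (TCP 135, TCP/UDP 593). The ACL name `outside_in`, the 192.0.2.x addresses and the sample lines are constructed; only numeric `eq`/`range` port operators are handled, and the source address is assumed to be any Internet host.

```python
import ipaddress

# Ports named in the thread: TCP 135 and TCP/UDP 593.
RPC_PORTS = [("tcp", 135), ("tcp", 593), ("udp", 593)]

def _addr(tok):
    """Consume an address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _ports(tok):
    """Consume an optional port operator; no operator means all ports."""
    if tok and tok[0] == "eq":
        return range(int(tok[1]), int(tok[1]) + 1), tok[2:]
    if tok and tok[0] == "range":
        return range(int(tok[1]), int(tok[2]) + 1), tok[3:]
    return range(0, 65536), tok

def parse(line):
    """access-list NAME permit|deny PROTO SRC [ports] DST [ports]"""
    tok = line.split()
    action, proto = tok[2], tok[3]
    _, rest = _addr(tok[4:])      # source ignored: assume any outside host
    _, rest = _ports(rest)
    dst, rest = _addr(rest)
    ports, _ = _ports(rest)
    return action, proto, dst, ports

def decide(acl, proto, dst_ip, port):
    """First matching entry wins; no match falls to the implicit deny."""
    ip = ipaddress.ip_address(dst_ip)
    for action, p, dst, ports in map(parse, acl):
        if p in (proto, "ip") and ip in dst and (p == "ip" or port in ports):
            return action
    return "deny"

def exposed(acl, hosts):
    """List (host, proto, port) combinations the ACL lets in from outside."""
    return [(h, pr, po) for h in hosts for pr, po in RPC_PORTS
            if decide(acl, pr, h, po) == "permit"]

# Constructed sample ACLs: ping replies only, then one with TCP 135 opened.
DEFAULT = ["access-list outside_in permit icmp any any echo-reply"]
OPENED = DEFAULT + ["access-list outside_in permit tcp any host 192.0.2.10 eq 135"]
```

`exposed(DEFAULT, ["192.0.2.10"])` returns an empty list because nothing matches and the implicit deny applies, while `exposed(OPENED, ["192.0.2.10"])` reports the host on TCP 135.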

