Richard Campbell wrote: > > Hi.. My friends told me other than the microsoft patches can > prevent > Blaster virus , a firewall and blocking switch ports can block > the virus > too. Is there any configuration need to be added in my PIX and > Cisco switch > ports in order to block them? If yes, is there any example?? > But I don't > understand the concept, can you explain to me the concept? How > can a > firewall and switch port block Virus???
Blaster isn't really a virus. It's a worm. Experts have argued over the terms for years and I hope I have this right, but a virus requires host software to help spread it, for exmaple e-mail software. Computers get viruses because users open e-mail attachments, for example. The virus spreads by using features of its host software, for example, address books. It sends the evil attachemnt to every address in the program's address book, for example. Worms, on the other, can run standalone. A worm consumes computer resources, but it doesn't need a host application to do this or to spread. It can propagate a complete working version of itself on to other machines by connecting to other machines over a network and exploiting operating system bugs or anomolies. So, in the case of Blaster, it spreads itself by opening a TCP connection to port 135. Then it takes advantage of the bad Microsoft RPC software... (Variants use other ports too.) To make a long story short, people with firewalls were protected because connection establishment requests to TCP port 135 failed. Unbelieveably, huge (and I mean huge) numbers of windows machines were not protected with a global or personal firewall! Shame on us. Sounds like you're protected. A properly configured PIX, which you seem to have, should protect you. Priscilla Oppenheimer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74116&t=74092 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
