Thanks so much.. I think most of the company will get the worm bcoz of the laptop mobile user, they connect to net from their home and infected by the worm as there is no personal firewall on the laptop and then they connect to office network and infect others. How about blocking switch port?? Can switch port block the worm as what I heard from my friends ??
>From: "Priscilla Oppenheimer" >Reply-To: "Priscilla Oppenheimer" >To: [EMAIL PROTECTED] >Subject: RE: how does firewall & switch port block Blaster [7:74092] >Date: Mon, 18 Aug 2003 19:04:49 GMT > >Richard Campbell wrote: > > > > Hi.. My friends told me other than the microsoft patches can > > prevent > > Blaster virus , a firewall and blocking switch ports can block > > the virus > > too. Is there any configuration need to be added in my PIX and > > Cisco switch > > ports in order to block them? If yes, is there any example?? > > But I don't > > understand the concept, can you explain to me the concept? How > > can a > > firewall and switch port block Virus??? > >Blaster isn't really a virus. It's a worm. Experts have argued over the >terms for years and I hope I have this right, but a virus requires host >software to help spread it, for exmaple e-mail software. Computers get >viruses because users open e-mail attachments, for example. The virus >spreads by using features of its host software, for example, address books. >It sends the evil attachemnt to every address in the program's address >book, >for example. > >Worms, on the other, can run standalone. A worm consumes computer >resources, >but it doesn't need a host application to do this or to spread. It can >propagate a complete working version of itself on to other machines by >connecting to other machines over a network and exploiting operating system >bugs or anomolies. > >So, in the case of Blaster, it spreads itself by opening a TCP connection >to >port 135. Then it takes advantage of the bad Microsoft RPC software... >(Variants use other ports too.) > >To make a long story short, people with firewalls were protected because >connection establishment requests to TCP port 135 failed. > >Unbelieveably, huge (and I mean huge) numbers of windows machines were not >protected with a global or personal firewall! Shame on us. > >Sounds like you're protected. A properly configured PIX, which you seem to >have, should protect you. > >Priscilla Oppenheimer >**Please support GroupStudy by purchasing from the GroupStudy Store: >http://shop.groupstudy.com >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74248&t=74092 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
