Richard Campbell wrote:
>
> Thanks so much.. I think most of the company will get the worm because of the
> laptop mobile user, they connect to net from their home and infected by the
> worm as there is no personal firewall on the laptop and then they connect to
> office network and infect others. How about blocking switch port?? Can
> switch port block the worm as what I heard from my friends ??

A switch (using traditional language) is a data-link layer device. It wouldn't know that the worm is spreading using TCP port 135. It doesn't look beyond the MAC addresses in frames.

A layer 3 switch (marketing term for a router) could block it. So could a firewall.

All laptops should run personal firewalls. I think all computers should run personal firewalls actually. Then they would be protected from the problem of the mobile user bringing in an infected laptop. I realize this is difficult to implement and enforce though.

Priscilla

>
> >From: "Priscilla Oppenheimer"
> >Reply-To: "Priscilla Oppenheimer"
> >To: [EMAIL PROTECTED]
> >Subject: RE: how does firewall & switch port block Blaster [7:74092]
> >Date: Mon, 18 Aug 2003 19:04:49 GMT
> >
> >Richard Campbell wrote:
> > >
> > > Hi.. My friends told me other than the Microsoft patches can prevent
> > > Blaster virus , a firewall and blocking switch ports can block the virus
> > > too. Is there any configuration need to be added in my PIX and Cisco switch
> > > ports in order to block them? If yes, is there any example??
> > > But I don't understand the concept, can you explain to me the concept? How
> > > can a firewall and switch port block Virus???
> >
> >Blaster isn't really a virus. It's a worm. Experts have argued over the
> >terms for years and I hope I have this right, but a virus requires host
> >software to help spread it, for example e-mail software. Computers get
> >viruses because users open e-mail attachments, for example. The virus
> >spreads by using features of its host software, for example, address books.
> >It sends the evil attachment to every address in the program's address
> >book, for example.
> >
> >Worms, on the other hand, can run standalone. A worm consumes computer
> >resources, but it doesn't need a host application to do this or to spread.
> >It can propagate a complete working version of itself on to other
> >machines by connecting to other machines over a network and exploiting
> >operating system bugs or anomalies.
> >
> >So, in the case of Blaster, it spreads itself by opening a TCP connection
> >to port 135. Then it takes advantage of the bad Microsoft RPC software...
> >(Variants use other ports too.)
> >
> >To make a long story short, people with firewalls were protected because
> >connection establishment requests to TCP port 135 failed.
> >
> >Unbelievably, huge (and I mean huge) numbers of Windows machines were not
> >protected with a global or personal firewall! Shame on us.
> >
> >Sounds like you're protected. A properly configured PIX, which you seem to
> >have, should protect you.
> >
> >Priscilla Oppenheimer
> >**Please support GroupStudy by purchasing from the GroupStudy Store:
> >http://shop.groupstudy.com
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74256&t=74092
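
The layer distinction discussed in this thread, as an added example that is not part of the original messages: two constructed frames from the same laptop to the same server, one to TCP port 135 and one to TCP port 80, look identical to a device that reads only MAC addresses, while a device that parses the IP and TCP headers can tell them apart. The function names, MAC addresses, IP addresses and source ports are assumptions made for illustration.

```python
import struct

BLOCKED_TCP_PORTS = {135}  # the port named in the thread; variants use others

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, flags=0x02):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     src_ip, dst_ip)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp

def l2_switch_view(frame):
    """Everything a traditional switch reads: destination and source MAC."""
    return frame[0:6], frame[6:12]

def l3_filter_decision(frame):
    """What a router or firewall can do: read past the MACs to the TCP port."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return "permit"                    # not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[9] != 6:
        return "permit"                    # not TCP
    tcp = ip[(ip[0] & 0x0F) * 4:]          # skip the IP header, options included
    if len(tcp) < 4:
        return "permit"                    # too short to carry a port number
    dport = struct.unpack("!H", tcp[2:4])[0]
    return "deny" if dport in BLOCKED_TCP_PORTS else "permit"

# Constructed sample traffic from one laptop to one server (SYN segments)
LAPTOP_MAC = bytes.fromhex("020000000001")
SERVER_MAC = bytes.fromhex("020000000002")
LAPTOP_IP, SERVER_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
RPC_SYN = build_frame(SERVER_MAC, LAPTOP_MAC, LAPTOP_IP, SERVER_IP, 1042, 135)
WEB_SYN = build_frame(SERVER_MAC, LAPTOP_MAC, LAPTOP_IP, SERVER_IP, 1043, 80)

if __name__ == "__main__":
    for name, frame in (("tcp/135", RPC_SYN), ("tcp/80", WEB_SYN)):
        dst, src = l2_switch_view(frame)
        print(name, "switch sees", src.hex(":"), "->", dst.hex(":"),
              "| filter says", l3_filter_decision(frame))
```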