Richard Campbell wrote: > Hi.. My friends told me other than the microsoft patches can prevent > Blaster virus , a firewall and blocking switch ports can block the virus > too. Is there any configuration need to be added in my PIX and Cisco switch > ports in order to block them? If yes, is there any example?? But I don't > understand the concept, can you explain to me the concept? How can a > firewall and switch port block Virus??? For example, my PIX disallow every > incoming traffic except the ping reply, doesn't it mean it block the virus > too?? > > _________________________________________________________________ > MSN 8 with e-mail virus protection service: 2 months FREE* > http://join.msn.com/?page=features/virus > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > The MSBlaster Worm propagates without email -- it scans for a host with open ports, enters through those ports, executes its package which takes advantage of RPC and/or DCOM vulnerabilities, then propagates.
That's a very short version, more info is available at www.cert.org, www.sans.org, isc.sans.org. TCP Ports used are 135, 137-139, 445, and (I believe, no time to look it up now) 1026. TFTP downloads (which is part of the worm's internal execution) occur on 4444 (UDP), IIRC. Try the above references for better info. Annlee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74101&t=74101 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
