IDS mailing list archives
Re: Router/Switches and viruses
From: Robert Holtz <robert.d.holtz () gmail com>
Date: Thu, 5 May 2005 10:21:15 -0500
Machines that scan for other machines to infect can easy bring a router to its' knees. Block outbound 13x port range and 445 at your egress stops a good deal of this. A single machine can easy knock down a T1 line. I've seen this happen. You should also block these ports inbound since outside infected machines can also eat up bandwidth. This will break over the internet Windows file sharing but there are many other more secure mathods for providing this type of access so blocking these ports should not have any real effect. On 5/3/05, Seek Knowledge <aseeker03 () yahoo com> wrote:
Does anyone have any first-hand experience with a single infected desktop machine (or windows server for that matter) taking out a LAN switch? Would anyone have any stories from the trenches of an infected machine causing a directly connected router to stop functioning? If so, what could be done to prevent such an outage? What IDS/IPS strategy might one implement to prevent and or at least detect such an event? Thanks in advance. ASeeker ________________________________________________________________________ Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Router/Switches and viruses Seek Knowledge (May 04)
- Re: Router/Switches and viruses Per Engelbrecht (May 06)
- Re: Router/Switches and viruses Derek Nash (May 06)
- Re: Router/Switches and viruses Robert Holtz (May 06)
- Re: Router/Switches and viruses Kevin (May 06)
- Re: Router/Switches and viruses Jason Haar (May 06)
- RE: Router/Switches and viruses Wolfpaw - Dale Corse (May 09)
- <Possible follow-ups>
- Re: Router/Switches and viruses Chris Byrd (May 06)
- RE: Router/Switches and viruses Steven Williams (May 09)
- RE: Router/Switches and viruses THolman (May 19)