Security Incidents mailing list archives
RE: Blaster Recurrence
From: "Dave Paris" <dparis () w3works com>
Date: Tue, 3 Feb 2004 09:19:19 -0500
In addition to shutting down unused switch ports, MAC-lock your active ports to prevent someone from just unplugging one cable and shoving in another (blocking physical access to the devices in the first place is also a Good Thing) MAC-locked DHCP is also helpful... as are VLANs. When properly configured (which, yes, takes time and resources a lot of companies aren't willing to expend until they're crippled by something like this), your network infrastructure can prevent a lot of attack vectors and make life a little more bearable for the admins charged with keeping peace on the wires. Kind Regards, -dsp -----Original Message----- From: Neil Anderson [mailto:cleidh_mor () btopenworld com] Sent: Monday, February 02, 2004 3:35 PM To: incidents () securityfocus com Subject: Re: Blaster Recurrence -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Our company and some of our clients had several occurrences of Blaster re-appearing on patched machines after the first patch - we had to re-patch with an updated patch. We found that the most direct route for infection was remote users with laptop/VPN/no firewall... Try restricting remote access and I would get those infected machines off the network, re-installed and patched *before* reconnection to the network, but that's stating the obvious ;) Also, if you can, shutdown all currently unused switch ports so that foreign machines can't be connected without you knowing. If you get someone who has to connect a foreign machine, scan it first. Hope this helps. Cheers, Neil Network Engineer. [...] --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Blaster Recurrence E. Jimmy Allotey (Feb 02)
- RE: Blaster Recurrence James C Slora Jr (Feb 02)
- Re: Blaster Recurrence Neil Anderson (Feb 02)
- RE: Blaster Recurrence Dave Paris (Feb 03)
- Re: Blaster Recurrence Nick FitzGerald (Feb 03)
- RE: Blaster Recurrence E. Jimmy Allotey (Feb 03)
- <Possible follow-ups>
- RE: Blaster Recurrence Henderson, Dennis K. (Feb 02)