Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
the new virus and growing packet stream 1
- Thread starter ninghi
- Start date
ForceMajuere
Technical User
Hi Ninghi,
Which virus?
I have seen the W32.Blaster.Worm cause an ARP request storm on a network as all the infected hosts search for other hosts to infect.
The solution is simple! Disinfect all the infected hosts! Run regular updates on your OS's. Install a firewall!
HTH
Force Majuere
Which virus?
I have seen the W32.Blaster.Worm cause an ARP request storm on a network as all the infected hosts search for other hosts to infect.
The solution is simple! Disinfect all the infected hosts! Run regular updates on your OS's. Install a firewall!
HTH
Force Majuere
trojan2003
IS-IT--Management
Check Symantec website ( for tools to scan recent worm, W32.MSBlaster and W32.Welchia.
If u are looking at blocking the worm on your network, visit Cisco site for some solution.
Best solution is still to patched affected PCs or Servers.
Good luck!!
If u are looking at blocking the worm on your network, visit Cisco site for some solution.
Best solution is still to patched affected PCs or Servers.
Good luck!!
sudhakarraj
ISP
Hai!!!!!!!!!!!
This could be because of new worm(Nachi) spread overs the NET.Pls go through that site
Cheers
HariSudhakar
This could be because of new worm(Nachi) spread overs the NET.Pls go through that site
Cheers
HariSudhakar
-
1
- #6
Go to Microsoft to download latest patch for NT,Win2k etc..., and apply them. Download also MS scanning tool to scan for unpatched hosts.It doesn't end here.
Go to Virus protection software site, download latest update engine/signatures, scan and clean and ensure that PCs/Servers are virus-free. McAfee have downloable Stinger program to detect latest worms like Nachi,Mblast,SoBig,Lovesan.
For Router:
1) First use ACL to block ICMP,apply to Inbound in order to minimize infected hosts from spreading virus, indicated by high CPU usage.
2) Activate "ip route-cache flow" to incoming interface(IOS 12.0 and above). Globally use "ip cache-flow feature-accelerate" to optimize process.
3) Do sho "ip cache flow | include 0000 0800" (to see hosts doing ICMP pings to scan for vulnerable PC/Servers on MS OS).
4) Refine ACL to block ICMP and vulnerable tcp/udp ports like 135,139,445,707,4444. Filtering these ports can also disable some valid MS services.
Couldn't recall all URLs but a google search for the above will find them one way or another.
Hope it helps.
Go to Virus protection software site, download latest update engine/signatures, scan and clean and ensure that PCs/Servers are virus-free. McAfee have downloable Stinger program to detect latest worms like Nachi,Mblast,SoBig,Lovesan.
For Router:
1) First use ACL to block ICMP,apply to Inbound in order to minimize infected hosts from spreading virus, indicated by high CPU usage.
2) Activate "ip route-cache flow" to incoming interface(IOS 12.0 and above). Globally use "ip cache-flow feature-accelerate" to optimize process.
3) Do sho "ip cache flow | include 0000 0800" (to see hosts doing ICMP pings to scan for vulnerable PC/Servers on MS OS).
4) Refine ACL to block ICMP and vulnerable tcp/udp ports like 135,139,445,707,4444. Filtering these ports can also disable some valid MS services.
Couldn't recall all URLs but a google search for the above will find them one way or another.
Hope it helps.
- Status
