Machines that scan for other machines to infect can easy bring a
router to its' knees. Block outbound 13x port range and 445 at your
egress stops a good deal of this. A single machine can easy knock
down a T1 line. I've seen this happen.
You should also block these ports inbound since outside infected
machines can also eat up bandwidth.
This will break over the internet Windows file sharing but there are
many other more secure mathods for providing this type of access so
blocking these ports should not have any real effect.
On 5/3/05, Seek Knowledge <aseeker03@yahoo.com> wrote:
Does anyone have any first-hand experience with a
single infected desktop machine (or windows server for
that matter) taking out a LAN switch? Would anyone
have any stories from the trenches of an infected
machine causing a directly connected router to stop
functioning?
If so, what could be done to prevent such an outage?
What IDS/IPS strategy might one implement to prevent
and or at least detect such an event?
Thanks in advance.
ASeeker
________________________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
