now ANSWER YOUR MOST PRESSING QUESTION ABOUT INTERNET THREATS. (PLUS 99 OTHERS.)
Welcome to a place where your network is top priority.
And defending it is top of mind.
Are there specific ports that worms attack?
NBAR blocked Code Red, does it work against current worms?
How do you battle worms that use needed ports and services?
Will blocking ports impact Windows Active Directory?
Do private VLANs span multiple switches?
With Blaster, port 135 TCP, port 4444 TCP, and port 69 UDP were used. In most enterprise environments, there is no need to open those ports to external access, so they can be closed.
SEE ALL 100 QUESTIONS AND ANSWERS ABOUT INTERNET THREATS
With Blaster, port 135 TCP, port 4444 TCP, and port 69 UDP were used. In most enterprise environments, there is no need to open those ports to external access, so they can be closed.
NBAR is effective as a tactical tool, but needs to match the identifier value unique to this and all worms. With Code Red worms, Cisco uses an HTTP match on default traffic pattern identifiers. With Blaster worm, we look for SQL packets of a specific length.
Cisco Security Agent allows you to block any ports on hosts and provides layers of protection. Case in point, Cisco Security Agent prevented Blaster from spawning a command shell and executing its payload.
Yes. It is imperative to only filter these ports when there is normally no business need for them to exist. To mitigate these worms in cases where these ports must be open, other technologies, such as antivirus and HIPS, must be used.
Private VLAN ports can be on different network devices, as long as the devices are trunk-connected and the primary and secondary VLANs have not been removed from the trunk.
More Resources from the Cisco Security Experts
General Info
Cisco Security Information
Go Cisco Security
Networking Professionals Connection
Cisco Threat Defense System
White Papers
Internet Worm Attack Mitigation White Paper
Cisco SAFE Blueprint Security Design Guides
Cisco Security Agent White Papers
Cisco Intrusion Detection White Papers
Audio & Video
Tech Talk: Combating Blaster and Other Internet Worms
Video: Internet Worm Attack Mitigation
Technical Support
Cisco Product Security Incident Response Team (PSIRT)
Securing Networks with Private VLANs and VLAN ACLs
WORM & VIRUS Q&A SAFE BLUEPRINT FROM CISCO