Sunday, August 24, 2003

Welcome to your security nightmare.
JUST the ports for SoBig.F

OCIPEP recommends configuring firewalls to block outgoing connection attempts to UDP port 8998, UDP 123 [NTP] and UDP ports 995, 996, 997, 998 and 999. OCIPEP also recommends that organizations block all incoming and outgoing UDP ports unless it is essential for operational purposes. If organizations cannot block UDP ports, it is critical that all UDP traffic be carefully monitored for SoBig traffic.

W32.Sobig.f@MM Worm: Attempts to prevent Phase 2 failed - Additional Protection Information

It would be more effective to block these ports both inbound and outbound. Note that blocking UDP 123 will also block any legitimate NTP time synchronization you are doing.
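The monitoring OCIPEP asks for, combined with the NTP caveat above, as an added example (not part of the original post or the OCIPEP advisory): it scans netfilter-style firewall log lines for UDP traffic on the listed ports in either direction and exempts port 123 only for approved time servers. The log lines, the addresses and the `APPROVED_NTP_SERVERS` allowlist are constructed assumptions.

```python
import re

# UDP ports named in the OCIPEP recommendation quoted above.
SOBIG_UDP_PORTS = {8998, 123, 995, 996, 997, 998, 999}
NTP_PORT = 123
# Assumption: this site's approved time servers (documentation address).
APPROVED_NTP_SERVERS = {"192.0.2.10"}

FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = [
    "kernel: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=UDP SPT=1039 DPT=8998",
    "kernel: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=UDP SPT=123 DPT=123",
    "kernel: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=UDP SPT=123 DPT=123",
    "kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=UDP SPT=4000 DPT=997",
    "kernel: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=1040 DPT=995",
    "kernel: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.53 PROTO=UDP SPT=1041 DPT=53",
]

def classify(line):
    """Return (direction, remote_ip, port) for a suspect UDP packet, else None."""
    f = dict(FIELD_RE.findall(line))
    if f.get("PROTO") != "UDP":
        return None  # TCP 995 (POP3S) and other protocols are out of scope
    try:
        spt, dpt = int(f["SPT"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line
    outbound = f.get("IN", "") == ""  # OUTPUT-chain lines have an empty IN=
    remote = f.get("DST") if outbound else f.get("SRC")
    # Check both ends so replies from a listed port are caught too.
    port = next((p for p in (dpt, spt) if p in SOBIG_UDP_PORTS), None)
    if port is None:
        return None
    if port == NTP_PORT and remote in APPROVED_NTP_SERVERS:
        return None  # legitimate time sync stays quiet
    return ("outbound" if outbound else "inbound", remote, port)

def scan(lines):
    """Return every suspect packet found in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit is not None]

if __name__ == "__main__":
    for direction, remote, port in scan(SAMPLE_LOG):
        print(f"ALERT {direction} UDP port {port} peer {remote}")
```

Feeding it the log of an allow-and-log rule shows which internal hosts still try these ports before a blanket UDP block is switched on.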