Solved

Best way to filter worm attacks from my Netopia R9100

Posted on 2003-12-09
2
431 Views
Last Modified: 2012-05-04
I am being wormed.  And while I am comforted by the fact that my Windows security seems pretty solid, my server gets hit every sec at times.  I want to block this traffic at the router.  I run POP3, SMTP, and RDP, Outlook Web Access.  I have some filters set up on the router that seem to do a good job, except for all these failed logon attempts.  grc.com reports first 1056 ports as all closed.

So...how should  I make sure that my router is locked down aganst the worm attacks?  What more can I do in general?

Specific help directed toward Netopia filter sets would be appreciated.  If it makes sense to break this question down into more specific pieces, let me know.

0
Comment
Question by:Quetzal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 250 total points
ID: 9904496
The basic premise is to block all ports not necessary to the functions of the public services.
If your audience is private, you can further restrict access by address or consider a VPN to exclude access from non authorized people.
If the audience is global and the attacks are on ports you have to open for functionality, you can either analyze the traffic and start blocking netblocks either manually or with a reactionary IDS system, or live with the reality that open ports are a magnet for vulnerability probles.

While I'm not familiar with the Netopia interface, your application is an extremely common one and I would think the vendor has a standard template to help you lock it down as much as possible.

I assume you're running these service on a seperate ISA machine and your Exchange services are locked down to the corporate lan and the ISA machine only, if not that is an avenue you should pursue as well.




0
 
LVL 10

Accepted Solution

by:
KingHollis earned 250 total points
ID: 9918974
Quetzal,
The basic premises outlined by chicagoan are echoed by me. More importantly though, you sould understand that you are talking about a router. It isn't a firewall in the truest sense-- it will only filter traffic not inspect it. So you can say, "I want to block everything but TCP/80, TCP/443, TCP/3389, etc.", but you have effectively just left these holes open. The router isn't able to tell if the port 80 traffic is HTTP or not. The packets could be trojans or other malevolent malformed packets disguised as HTTP taffic. What you need to invest in is a decent stateful packet inspection firewall with application proxy filtering. Otherwise, just having these services hanging off the Netopia router will eventually lead to some unwanted traffic.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question