Solved

Best way to filter worm attacks from my Netopia R9100

Posted on 2003-12-09
Last Modified: 2012-05-04
I am being wormed.  And while I am comforted by the fact that my Windows security seems pretty solid, my server gets hit every sec at times.  I want to block this traffic at the router.  I run POP3, SMTP, and RDP, Outlook Web Access.  I have some filters set up on the router that seem to do a good job, except for all these failed logon attempts.  grc.com reports first 1056 ports as all closed.

So...how should I make sure that my router is locked down against the worm attacks?  What more can I do in general?

Specific help directed toward Netopia filter sets would be appreciated.  If it makes sense to break this question down into more specific pieces, let me know.

Question by:Quetzal
2 Comments
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 250 total points
ID: 9904496
The basic premise is to block all ports not necessary to the functions of the public services.
If your audience is private, you can further restrict access by address or consider a VPN to exclude access from non authorized people.
If the audience is global and the attacks are on ports you have to open for functionality, you can either analyze the traffic and start blocking netblocks either manually or with a reactionary IDS system, or live with the reality that open ports are a magnet for vulnerability probes.

While I'm not familiar with the Netopia interface, your application is an extremely common one and I would think the vendor has a standard template to help you lock it down as much as possible.

I assume you're running these services on a separate ISA machine and your Exchange services are locked down to the corporate LAN and the ISA machine only; if not, that is an avenue you should pursue as well.




0
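The "analyze the traffic and start blocking netblocks" step from the answer above, sketched as an added example that is not part of the original thread. The log line format, the /24 grouping, the failure threshold and the trusted range are all assumptions chosen for illustration, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in a hypothetical "timestamp service RESULT src=IP" format.
SAMPLE_LOG = "\n".join(
    [f"2003-12-09T10:00:{i:02d} rdp FAILED src=198.51.100.{14 + i % 3}" for i in range(6)]
    + [f"2003-12-09T10:01:{i:02d} smtp FAILED src=203.0.113.7" for i in range(2)]
    + [f"2003-12-09T10:02:{i:02d} pop3 FAILED src=192.0.2.10" for i in range(5)]
    + ["2003-12-09T10:03:00 pop3 OK src=192.0.2.10",
       "2003-12-09T10:03:01 rdp FAILED src=not-an-ip"]
)

LINE_RE = re.compile(r"^(\S+) (\S+) (FAILED|OK) src=(\S+)$")


def candidate_netblocks(log_text, prefix_len=24, min_failures=5, trusted=()):
    """Return [(network, failures, distinct_hosts)] for blocks worth reviewing."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    failures = Counter()
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "FAILED":
            continue
        try:
            addr = ipaddress.ip_address(m.group(4))
        except ValueError:
            continue  # malformed source field: skip rather than guess
        if any(addr in net for net in trusted_nets):
            continue  # never propose blocking your own users' ranges
        # Collapse the host address to its enclosing netblock.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        failures[net] += 1
        hosts[net].add(addr)
    flagged = [(str(n), c, len(hosts[n]))
               for n, c in failures.items() if c >= min_failures]
    # Noisiest block first; ties broken by network string for stable output.
    return sorted(flagged, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for net, count, nhosts in candidate_netblocks(SAMPLE_LOG, trusted=("192.0.2.0/24",)):
        print(f"review for deny filter: {net} ({count} failures, {nhosts} hosts)")
```

Without the trusted list, a legitimate user who mistypes a password five times lands in the same output as the scanning netblock, which is why the list should be reviewed before anything is turned into a router filter.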
 
LVL 10

Accepted Solution

by:
KingHollis earned 250 total points
ID: 9918974
Quetzal,
The basic premises outlined by chicagoan are echoed by me. More importantly though, you should understand that you are talking about a router. It isn't a firewall in the truest sense -- it will only filter traffic, not inspect it. So you can say, "I want to block everything but TCP/80, TCP/443, TCP/3389, etc.", but you have effectively just left these holes open. The router isn't able to tell if the port 80 traffic is HTTP or not. The packets could be trojans or other malevolent malformed packets disguised as HTTP traffic. What you need to invest in is a decent stateful packet inspection firewall with application proxy filtering. Otherwise, just having these services hanging off the Netopia router will eventually lead to some unwanted traffic.
0
