Solved

Best way to filter worm attacks from my Netopia R9100

Posted on 2003-12-09
2
428 Views
Last Modified: 2012-05-04
I am being wormed.  And while I am comforted by the fact that my Windows security seems pretty solid, my server gets hit every sec at times.  I want to block this traffic at the router.  I run POP3, SMTP, and RDP, Outlook Web Access.  I have some filters set up on the router that seem to do a good job, except for all these failed logon attempts.  grc.com reports first 1056 ports as all closed.

So...how should  I make sure that my router is locked down aganst the worm attacks?  What more can I do in general?

Specific help directed toward Netopia filter sets would be appreciated.  If it makes sense to break this question down into more specific pieces, let me know.

0
Comment
Question by:Quetzal
2 Comments
 
LVL 18

Assisted Solution

by:chicagoan
chicagoan earned 250 total points
ID: 9904496
The basic premise is to block all ports not necessary to the functions of the public services.
If your audience is private, you can further restrict access by address or consider a VPN to exclude access from non authorized people.
If the audience is global and the attacks are on ports you have to open for functionality, you can either analyze the traffic and start blocking netblocks either manually or with a reactionary IDS system, or live with the reality that open ports are a magnet for vulnerability probles.

While I'm not familiar with the Netopia interface, your application is an extremely common one and I would think the vendor has a standard template to help you lock it down as much as possible.

I assume you're running these service on a seperate ISA machine and your Exchange services are locked down to the corporate lan and the ISA machine only, if not that is an avenue you should pursue as well.




0
 
LVL 10

Accepted Solution

by:
KingHollis earned 250 total points
ID: 9918974
Quetzal,
The basic premises outlined by chicagoan are echoed by me. More importantly though, you sould understand that you are talking about a router. It isn't a firewall in the truest sense-- it will only filter traffic not inspect it. So you can say, "I want to block everything but TCP/80, TCP/443, TCP/3389, etc.", but you have effectively just left these holes open. The router isn't able to tell if the port 80 traffic is HTTP or not. The packets could be trojans or other malevolent malformed packets disguised as HTTP taffic. What you need to invest in is a decent stateful packet inspection firewall with application proxy filtering. Otherwise, just having these services hanging off the Netopia router will eventually lead to some unwanted traffic.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
The 21st century solution to antiquated pagers.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question