Best way to filter worm attacks from my Netopia R9100

I am being wormed.  And while I am comforted by the fact that my Windows security seems pretty solid, my server gets hit every sec at times.  I want to block this traffic at the router.  I run POP3, SMTP, and RDP, Outlook Web Access.  I have some filters set up on the router that seem to do a good job, except for all these failed logon attempts.  grc.com reports first 1056 ports as all closed.

So...how should  I make sure that my router is locked down aganst the worm attacks?  What more can I do in general?

Specific help directed toward Netopia filter sets would be appreciated.  If it makes sense to break this question down into more specific pieces, let me know.

LVL 11
QuetzalAsked:
Who is Participating?
 
KingHollisConnect With a Mentor Commented:
Quetzal,
The basic premises outlined by chicagoan are echoed by me. More importantly though, you sould understand that you are talking about a router. It isn't a firewall in the truest sense-- it will only filter traffic not inspect it. So you can say, "I want to block everything but TCP/80, TCP/443, TCP/3389, etc.", but you have effectively just left these holes open. The router isn't able to tell if the port 80 traffic is HTTP or not. The packets could be trojans or other malevolent malformed packets disguised as HTTP taffic. What you need to invest in is a decent stateful packet inspection firewall with application proxy filtering. Otherwise, just having these services hanging off the Netopia router will eventually lead to some unwanted traffic.
0
 
chicagoanConnect With a Mentor Commented:
The basic premise is to block all ports not necessary to the functions of the public services.
If your audience is private, you can further restrict access by address or consider a VPN to exclude access from non authorized people.
If the audience is global and the attacks are on ports you have to open for functionality, you can either analyze the traffic and start blocking netblocks either manually or with a reactionary IDS system, or live with the reality that open ports are a magnet for vulnerability probles.

While I'm not familiar with the Netopia interface, your application is an extremely common one and I would think the vendor has a standard template to help you lock it down as much as possible.

I assume you're running these service on a seperate ISA machine and your Exchange services are locked down to the corporate lan and the ISA machine only, if not that is an avenue you should pursue as well.




0
All Courses

From novice to tech pro — start learning today.