- Jul 13, 2001
I live in an apartment building with about 30 different rooms. Each room is sharing a single DSL connection. Recently the network has been unbelievably slow. At some times, it does not seem to work at all. The management of the apartment claims that it is due to the blaster worm and its variants. However, they don't seem to have any resolution in mind. Since I'm paying for this DSL service in my rent, I feel like this needs to be resolved! I also need the internet to complete a lot of my assignments (college student). I read up on the worm a little bit, and downloaded the patch scanning tool from Microsoft. I found the unpatched computers and obtained their MAC addresses. Here is my question/dilemma:
Even if I telnet into the router and filter traffic from the unpatched computers, how do I know that the patched computers aren't already infected? In other words, if the worm infects an unpatched computer and the computer is then patched, is the worm still active? If it is, then I need to find a way to detect the computers on the network which are infected. Is there any way to do this? My thought was scanning the network for traffic on the ports which the worms use to spread (135, 139.. are there others?). Is there an automated tool to do this? If I block all in/out traffic on these ports on the router, will that stop the infected computers from trying to spread internally on the network? Or will it only filter those packets which are going in/out of the WAN interface? (It's a generic Netgear cable/DSL router) If I do block those ports, will it affect normal operation at all?
Thanks for the help! Any other input or explanations are MORE than welcome. I want to find out as much as I can about this!
Willow
CCNA
P.S. If any of you are network administrators and have found a way to deal with this problem I would REALLY appreciate it if you drop me a PM. Thanks!
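The detection idea raised in the post (watching for traffic on ports 135 and 139), as an added example that is not part of the original post: it flags hosts that send bare SYNs to many distinct addresses on those ports within a short span, so it judges observed behaviour rather than patch status. The log format, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

WATCH_PORTS = {135, 139}   # the ports named in the post

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port tcp_flags"
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 192.168.0.23 192.168.0.{30 + i} 135 S" for i in range(8)]  # fan-out
    + [
        "1002 192.168.0.12 192.168.0.5 139 S",     # one file-share connection
        "1003 192.168.0.12 192.168.0.5 139 S",
        "1004 192.168.0.17 203.0.113.9 80 S",      # web traffic, ignored
        "1005 192.168.0.23 192.168.0.30 135 SA",   # not a bare SYN, ignored
        "garbage line",                            # malformed, skipped
    ]
)

def parse(line):
    """Return (ts, src, dst, port) for a bare SYN record, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[4] != "S":
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_scanners(log_text, ports=WATCH_PORTS, window=60, min_targets=5):
    """Map each source to its peak count of distinct destinations contacted
    on the watched ports inside any `window`-second span, keeping only
    sources whose peak reaches `min_targets`."""
    events = defaultdict(list)
    for ts, src, dst, port in filter(None, map(parse, log_text.splitlines())):
        if port in ports:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = peak = 0
        for i, (ts, _) in enumerate(evs):
            while evs[start][0] <= ts - window:   # drop events older than the window
                start += 1
            peak = max(peak, len({d for _, d in evs[start:i + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged
```

A host that repeatedly connects to one file server on port 139 stays below the threshold, while a host sweeping addresses on port 135 is reported with its peak fan-out.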