Blocking NTP for Sobig,F

Jason Brooks jbrooks at longwood.edu
Fri Aug 22 17:16:51 GMT 2003


We are looking for the payload of sobig.f to drop later today, though our 
department has put up a yeoman's defense against it.  One thought some 
discussed this morning is blocking ntp traffic to certain segments of the 
network that would not normally need it.  Since the worm is set to ignite 
at the appropriate time gleaned from ntp, would it be possible, in the 
estimation of any, to block ntp traffic say, from workstations (not 
servers), in order to break the timing of the worm, if not even to make it 
ineffective?
Thanks for the thoughts,
Jason Brooks


Jason Brooks
Information Security Technician
IITS
116 - B Coyner
Longwood University
201 High Street
Farmville, VA 23901
(434) 395-2796



More information about the unisog mailing list