Blocking NTP for Sobig,F

Jason Brooks jbrooks at
Fri Aug 22 17:16:51 GMT 2003

We are looking for the payload of sobig.f to drop later today, though our 
department has put up a yeoman's defense against it.  One thought some 
discussed this morning is blocking ntp traffic to certain segments of the 
network that would not normally need it.  Since the worm is set to ignite 
at the appropriate time gleaned from ntp, would it be possible, in the 
estimation of any, to block ntp traffic say, from workstations (not 
servers), in order to break the timing of the worm, if not even to make it 
Thanks for the thoughts,
Jason Brooks

Jason Brooks
Information Security Technician
116 - B Coyner
Longwood University
201 High Street
Farmville, VA 23901
(434) 395-2796

More information about the unisog mailing list