[unisog] anyone else seeing lots of popup spam/malware?

PaulFM paulfm at me.umn.edu
Wed Oct 26 18:04:10 GMT 2005


I would check and do an inbound and outbound block of UDP < 1024 (0-1023 UDP).
If you use NTP you will have to allow 123 (and if you allow Windows SMB file
sharing across your border you will also have to allow 137 + 139 + 445) and
of course 53 for DNS (and 500 if you are using certain VPNs).



Peter Van Epp wrote:

> 	One point of interest, they seem to only be targeting our class B (we
> also have around 16 Cs spread around various ranges). I just added a permit
> but log access list in my border router which should tell me if there is any
> legit traffic to udp port 0 (I doubt it, but we will see) and if not an 
> inbound block is in order on general principles.
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

-- 
---------------------------------------------------------------------
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
---------------------------------------------------------------------
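
Added example, not part of the original message: a dry run of the UDP 0-1023 block against "permit but log" ACL output, showing what the block would drop before it is enforced. It assumes the router emits Cisco IOS-style `%SEC-6-IPACCESSLOGP` syslog lines and that the block matches on destination port; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

ALLOWED = {53, 123, 500}        # DNS, NTP, certain VPNs (from the message)
SMB_PORTS = {137, 139, 445}     # only if SMB file sharing crosses the border

# Cisco IOS ACL "log" syslog format (%SEC-6-IPACCESSLOGP); assumed log source.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ (?:permitted|denied) (?P<proto>\w+) "
    r"[\d.]+\(\d+\) -> [\d.]+\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Oct 26 11:01:02 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.7(31337) -> 192.0.2.10(0), 4 packets",
    "Oct 26 11:01:05 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.9(40000) -> 192.0.2.53(53), 12 packets",
    "Oct 26 11:01:09 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.20(123) -> 192.0.2.1(123), 2 packets",
    "Oct 26 11:01:11 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.44(138) -> 192.0.2.77(137), 3 packets",
    "Oct 26 11:01:15 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.7(31338) -> 192.0.2.11(0), 1 packet",
    "Oct 26 11:01:20 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.5(5000) -> 192.0.2.30(33434), 6 packets",
    "Oct 26 11:01:22 rtr: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 198.51.100.5(5001) -> 192.0.2.30(80), 1 packet",
    "Oct 26 11:01:30 rtr: %LINK-3-UPDOWN: Interface Serial0, changed state to up",
]

def would_block(proto, dport, allow_smb=False):
    """Assumed reading of the policy: drop UDP with destination port 0-1023
    unless the port is one of the listed exceptions."""
    if proto != "udp" or dport >= 1024:
        return False
    allowed = ALLOWED | SMB_PORTS if allow_smb else ALLOWED
    return dport not in allowed

def summarize(lines, allow_smb=False):
    """Return (packets per destination port the block would drop, unparsed line count)."""
    hits, unparsed = Counter(), 0
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            unparsed += 1       # not an ACL log line; count it rather than hide it
            continue
        dport = int(m["dport"])
        if would_block(m["proto"], dport, allow_smb):
            hits[dport] += int(m["count"])
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = summarize(SAMPLE)
    for port, pkts in sorted(hits.items()):
        print(f"udp/{port}: {pkts} packets would be dropped")
    print(f"{unparsed} line(s) not parsed")
```

Any port in the output other than 0 is a candidate for a missing exception and is worth checking with the owning host before the block goes in.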

