[unisog] anyone else seeing lots of popup spam/malware?

PaulFM paulfm at me.umn.edu
Wed Oct 26 18:04:10 GMT 2005

I would check and do an inbound and outbound block of UDP < 1024 (0-1023 UDP).
If you use NTP you will have to allow 123 (and if you allow Windows SMB file
sharing across your border you will also have to allow 137 + 139 + 445) and
of course 53 for DNS (and 500 if you are using certain VPNs).

Peter Van Epp wrote:

> 	One point of interest, they seem to only be targeting our class B (we
> also have around 16 Cs spread around various ranges). I just added a permit
> but log access list in my border router which should tell me if there is any
> legit traffic to udp port 0 (I doubt it, but we will see) and if not an 
> inbound block is in order on general principles.
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada

The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
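
An added example, not part of either message: one way to review the output of a "permit but log" border ACL before turning it into the UDP < 1024 block with the exceptions listed above. It assumes Cisco IOS-style `%SEC-6-IPACCESSLOGP` log lines and that the block matches on destination port; the ACL number, hostname, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# Exceptions named in the message: DNS, NTP, SMB-related ports, 500 for certain VPNs.
ALLOWED_UDP = {53, 123, 137, 139, 445, 500}

# Assumed format: IOS-style ACL log lines produced by a "permit udp ... log" entry.
LOG_RE = re.compile(
    r"list \S+ permitted udp "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample log (documentation address ranges), not data from the thread.
SAMPLE_LOG = """\
Oct 26 17:58:01 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.7(31337) -> 192.0.2.10(0), 1 packet
Oct 26 17:58:03 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.7(31337) -> 192.0.2.11(0), 4 packets
Oct 26 17:58:09 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.20(40000) -> 192.0.2.53(53), 12 packets
Oct 26 17:59:15 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.99(5000) -> 192.0.2.30(69), 2 packets
Oct 26 17:59:40 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 203.0.113.20(123) -> 192.0.2.1(123), 3 packets
Oct 26 18:00:02 border %SEC-6-IPACCESSLOGP: list 110 permitted udp 198.51.100.8(1026) -> 192.0.2.12(1026), 5 packets
Oct 26 18:00:05 border %SEC-6-IPACCESSLOGP: list 110 permitted tcp 198.51.100.8(1026) -> 192.0.2.12(80), 1 packet
"""

def would_block(dport):
    """True if the proposed rule would drop a UDP packet to this destination port."""
    return dport < 1024 and dport not in ALLOWED_UDP

def review(log_text):
    """Map each to-be-blocked port to its packet count, sources and targets."""
    hits = defaultdict(lambda: {"packets": 0, "sources": set(), "targets": set()})
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # non-UDP or unrelated log line
        dport = int(m["dport"])
        if would_block(dport):
            entry = hits[dport]
            entry["packets"] += int(m["pkts"])
            entry["sources"].add(m["src"])
            entry["targets"].add(m["dst"])
    return dict(hits)

if __name__ == "__main__":
    for port, e in sorted(review(SAMPLE_LOG).items()):
        print(f"udp/{port}: {e['packets']} packets, "
              f"{len(e['sources'])} sources -> {len(e['targets'])} targets")
```

Ports that show up here with many targets from a single source look like scanning or spam delivery; a port with steady traffic from known peers is a candidate for the exception list before the deny goes in.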
