Re: How do I stop the mydoom virus?
From: Phil McNeill (philm_at_NOSPAMhydroottawa.com)
Date: 03/25/04
Date: Thu, 25 Mar 2004 11:42:42 -0500
Don't know if you manage your own firewall, but we track down machines that
are infected by blocking outbound ports they exploit, logging outbound
access attempts to those ports, and then checking the log. That gives us an
IP address of the infected machine and it can then be traced back via DHCP
admin as to who has that address. There are a lot of available network
tools that will automate a lot of this for you as well.
Mydoom bangs away at ports 3127-3198, so those are the ones you would want
to check for outbound access attempts.
"Mohammed Alli" <MAlli@computerrents.com> wrote in message
news:uVC%231MoEEHA.2628@TK2MSFTNGP11.phx.gbl...
> I keep getting emails saying that there's a new security update from
> Microsoft. I'm getting a lot of these types of emails lately and I was
> wondering if there's a way to stop this? I know that I have an instance or
> instances of the mydoom virus, on a workstation or possibly a server, in my
> building. Is there a way to trace this where it is or where the emails are
> coming from?
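
The procedure described in the reply above (log blocked outbound attempts to ports 3127-3198, then trace the source address to a machine through DHCP), as an added example that is not part of the original post. The log layout, lease history, addresses and host names are constructed assumptions; the lookup uses the log timestamp because a DHCP address can change hands during the day.

```python
import re
from collections import Counter
from datetime import datetime

MYDOOM_PORTS = range(3127, 3199)  # ports 3127-3198, as given in the post
# Assumed deny-log layout; adapt the pattern to your firewall's real format.
DENY_RE = re.compile(r"^(\S+) DENY OUT src=(\S+) dst=\S+ proto=\S+ dport=(\d+)$")

# Constructed firewall log (documentation addresses, made-up traffic).
SAMPLE_LOG = """\
2004-03-25T09:02:10 DENY OUT src=10.1.4.23 dst=198.51.100.7 proto=tcp dport=3127
2004-03-25T09:02:11 DENY OUT src=10.1.4.23 dst=198.51.100.8 proto=tcp dport=3128
2004-03-25T09:05:40 DENY OUT src=10.1.7.88 dst=203.0.113.5 proto=tcp dport=445
2004-03-25T09:06:01 DENY OUT src=10.1.9.40 dst=192.0.2.14 proto=tcp dport=3198
2004-03-25T09:06:02 DENY OUT src=10.1.9.40 dst=192.0.2.15 proto=tcp dport=3199
2004-03-25T14:10:00 DENY OUT src=10.1.4.23 dst=198.51.100.7 proto=tcp dport=3127
2004-03-25T14:10:05 ALLOW OUT src=10.1.2.2 dst=192.0.2.80 proto=tcp dport=80
-- log rotated --
"""

# Constructed DHCP lease history: (ip, start, end, hostname, mac).
SAMPLE_LEASES = [
    ("10.1.4.23", "2004-03-25T08:00:00", "2004-03-25T12:00:00", "WS-ACCT-07", "00:00:5e:00:53:01"),
    ("10.1.4.23", "2004-03-25T13:00:00", "2004-03-25T21:00:00", "LAPTOP-SALES-2", "00:00:5e:00:53:02"),
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")

def lease_holder(ip, when, leases):
    """Return (hostname, mac) for the lease covering `when`, else None."""
    for lease_ip, start, end, host, mac in leases:
        if lease_ip == ip and parse_ts(start) <= when <= parse_ts(end):
            return host, mac
    return None  # static address, or no lease record for that time

def find_suspects(log_text, leases):
    """Count blocked attempts to the Mydoom ports per (source IP, lease holder)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m or int(m.group(3)) not in MYDOOM_PORTS:
            continue  # allowed traffic, other ports, or unparseable line
        hits[(m.group(2), lease_holder(m.group(2), parse_ts(m.group(1)), leases))] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0][0]))

if __name__ == "__main__":
    for (ip, holder), count in find_suspects(SAMPLE_LOG, SAMPLE_LEASES):
        print(f"{ip}  {holder or 'no DHCP lease on record'}  {count} attempts")
```

In the sample data the same address resolves to two different machines depending on the time of the blocked attempt, and one source has no lease at all and has to be traced another way.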