[cobalt-security] Qube 3 and the Latest Wave of Viruses

Hi Folks,

Had something interesting happen today. Some background. We have had a
new T1 installed for a VPN to allow the sales force to get in (have a
VPN now over ADSL but the router was limited in the # of users as a
"test/proof of concept"). This company also offers co-lo (with RaQs!)
and has a huge setup not too far from us. We got this from a data comm
company here in town. This T1 comes into their facility and goes through
all of their firewalls and security and then comes over to us.

So the line is in and the owner of this data comm firm personally came
in to get us set up. I have known this guy for years and he is GOOD.

Well in his setting things up, he noticed that our PCs (at our host
site and 9 remotes connected over a frame relay network) had SOME (not
all...) PCs that were using the Qube 3's IP address as their default
gateway rather than the Cisco router at the remote site(s).

They are going to host our DNS, etc. so he was reconfiguring the Cisco
firewall the way it should have been so that now the Qube 3 is NOT the
default gateway. Well something interesting happened. Our internet
access was MUCH better for a while and then it went to HECK. The
firewall was/is getting HAMMERED with Sobig, etc. stuff. He took off
some filters that had been masking this and went back over to his site
(where they have very sophisticated monitoring equipment) and they could
not BELIEVE all the junk coming in. They are working tonight to narrow
down which PC(s) at which site(s) of ours is infected and doing this...
He built up an ACL that we will load on the firewall in the morning and
all should be OK.

What surprised both of us is the Qube 3 had to be getting hammered like
this too but "took a lickin' and kept on tickin'" so to speak. What was
the Qube 3 doing to ignore/absorb this traffic that is overwhelming the
memory in this Cisco 1605R?

So does this sound plausible to you folks that understand this stuff
better than me :-)?

Thanks,

Chuck