[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Qube 3 and the Latest Wave of Viruses

Subject: RE: [cobalt-security] Qube 3 and the Latest Wave of Viruses
From: "Chuck Lewis" <clewis@xxxxxxxxxx>
Date: Fri, 3 Oct 2003 07:42:35 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>Blaster, Sobig, Welchia, and such "probe" for machines on port 135 - the
>Qube would not natively be listening to that port and would not care (dump
>it all) so yes, that makes sense.  The router is designed to "process"
>traffic, therefore when it started coming its way, it spends a "lot" of
>time trying to firgure out what to do with all the packets that the Qube
>just discarded (routers do not discard packets except by specific
>configuration - their purpose in life is to hand off packets so that is
>what it is trying to do...)(layman's/lay-persons explanation)...

Thanks Larry,

That is GREAT information and makes sense now. We have the firewall on the
Qube 3 set to shutdown pretty much EVERY port except a couple (thanks Gerald
!). So that explains it all. They say this is coming from an internal source
so the hunt begins...

Chuck

References:
- Re: [cobalt-security] Qube 3 and the Latest Wave of Viruses
  - From: Larry Smith

Prev by Date: Re: [cobalt-security] How to compile mod_ssl DSO against new openssl-engine-0.9.6k
Next by Date: RE: [cobalt-security] Qube 3 and the Latest Wave of Viruses
Previous by thread: Re: [cobalt-security] Qube 3 and the Latest Wave of Viruses
Next by thread: [cobalt-security] Re: Qube 3 and the Latest Wave of Viruses

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index