To: NJ_gent
Yes, we have. One of our VPN clients apparently became infected with Sasser.D about an hour ago, and then jumped through our VPN to infect a couple of other VPN clients before our operations guys were able to secure and shut down those users (they apparently have CiscoWorks set to alert them of any internal 445 activity). The good news is that the new VLAN and intermediate firewalls apparently worked like a charm and kept the virus out of our main network. The bad news is that it apparently jumped despite the fact that our Cisco concentrators should be filtering 445 completely (we're not yet sure what the problem is). Since our VPN clients sit in their own VLAN, however, all they can do right now is infect each other.
To: Arthalion
Damn thing sounds like Skynet. :-)
Thanks for the info, I'm going to have to do some more work to make sure this thing isn't able to hop on over from any of our VPN-connected clients.
97 posted on 05/03/2004 3:00:25 PM PDT by NJ_gent
To: Arthalion
...they apparently have CiscoWorks set to alert them of any internal 445 activity...
Are you blocking 445 internally as well as externally?
99 posted on 05/03/2004 3:31:55 PM PDT by general_re
(Drive offensively - the life you save may be your own.)
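Added example, not part of the thread or any poster's code: one way to express the two checks discussed above (alerting on client-to-client TCP 445 inside the VPN VLAN, and confirming that no 445 traffic is permitted out of that VLAN) over flow records. The subnet, threshold, log layout and sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): subnet, threshold and log layout.
VPN_CLIENT_NET = ipaddress.ip_network("10.99.0.0/24")  # placeholder VPN VLAN
FANOUT_THRESHOLD = 3  # distinct VPN peers contacted on 445 before flagging

# Constructed flow records: timestamp src dst proto dport action
SAMPLE_FLOWS = """\
2004-05-03T14:01:02 10.99.0.17 10.99.0.21 tcp 445 permit
2004-05-03T14:01:03 10.99.0.17 10.99.0.22 tcp 445 permit
2004-05-03T14:01:03 10.99.0.17 10.99.0.23 tcp 445 permit
2004-05-03T14:01:04 10.99.0.17 10.99.0.24 tcp 445 permit
2004-05-03T14:01:05 10.99.0.17 10.1.0.5 tcp 445 deny
2004-05-03T14:02:10 10.99.0.21 10.99.0.30 tcp 445 permit
2004-05-03T14:02:11 10.99.0.40 10.1.0.8 tcp 443 permit
2004-05-03T14:02:12 10.1.0.9 10.1.0.5 tcp 445 permit
truncated line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport, action) or None for malformed input."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, proto, dport, action = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport), action.lower())
    except ValueError:
        return None

def analyze(text):
    """Find VPN clients fanning out on TCP 445 and any 445 leaving the VLAN."""
    peers = defaultdict(set)  # VPN source -> VPN peers it contacted on 445
    leaks = []                # permitted 445 flows from the VPN VLAN outward
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport, action = flow
        if proto != "tcp" or dport != 445 or src not in VPN_CLIENT_NET:
            continue
        if dst in VPN_CLIENT_NET:
            peers[str(src)].add(str(dst))
        elif action == "permit":
            leaks.append((str(src), str(dst)))
    suspects = {s: sorted(d) for s, d in peers.items()
                if len(d) >= FANOUT_THRESHOLD}
    return suspects, leaks

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

An empty second result corresponds to the outcome described in the thread, where the intermediate firewalls kept 445 traffic out of the main network while clients inside the VPN VLAN could still reach each other.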
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson