General discussion

Locked

Can viruses/worms be spread by ...

By chipw ·
Can viruses/worms be spread/perpetuated by/through routers/hubs/switches/intel netport printer servers? We recently have been hit fairly hard by a number of viruses/worms. Finding the entry point has been fruitless. We think we found it today, but are not completely sure. What are the chances of the above mentioned network hardware spreading a virus or worm?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to Can viruses/worms be spre ...

hub/switches - no. routers. routers can be computers or stand-alone boxes. the computers are just as vulnerable as any un-hardened computer. the stand-alone boxes do not have viruses targeted at them that I know of... print server - no. maybe you are thinking of security holes created by obsolete versions of web-enabled print server management software...
there are many different ways in which viruses can be spread. get some hacker books and kiss your sleepful nights good-bye (smile). have strong passwords, frequently changed and secret, on network shares and user accounts, disable guest and default accounts, keep up to date on security patches for your OS, anti-virus and applications. don't let apps like instant messaging, and kazaa and remote control software be installed without your say so. if you install stuff like pcanywhere, read up on how to install it more securely than out of the box, don't broadcast host names and use ports other than the standard. become familiar with your OS logs. have a firewall. or two. harden your OS following guidelines available at www.cert.org. my opinion is it is too hard to completely tighten down to get that done but too easy to close the obvious doors not to do that much...our networks are bait, nothing to be done about that, but can reduce the odor of fresh meat, see?

Collapse -

by chipw In reply to Can viruses/worms be spre ...

Thanks for the response. Yeah, we were thinking of obsolete web services running on the mentioned devices.

How does one go about finding the point of entry for a virus/worm? Last friday we were hit by 3 - valla, pinfi and mumu (none are new). How do we determine if these came in from email attachments or a web page? Or a floppy? Any suggestions on how to determine this?

Collapse -

by wlbowers In reply to Can viruses/worms be spre ...

Most corporate av packages will tell you the machine, and file that was detected.

If you don't keep your av up they will spread like a forest fire.

Files carry virus and trojans, email that is carried throught the system. A user can click on a link on the wrong website and load a hackers probe.

Then the program will actually attack the av engine and download other goodies for the creep.

Once an infection gets in to a system it can spread by normal operation. File access, mapped drives, ect.

It is a constant battle for techs and admins.

Use of a corporate edition antivirus that is server/client based is the best defense on a internal lan. The server keeps the updates current and propagates them to the clients.

There are several companies that have good products.

Computer Associates is the one I use the most.
http://www.ca.com

This is a round about way of answering your question.

Good Luck Lee

Collapse -

by wlbowers In reply to Can viruses/worms be spre ...

Most corporate av packages will tell you the machine, and file that was detected.

If you don't keep your av up they will spread like a forest fire.

Files carry virus and trojans, email that is carried throught the system. A user can click on a link on the wrong website and load a hackers probe.

Then the program will actually attack the av engine and download other goodies for the creep.

Once an infection gets in to a system it can spread by normal operation. File access, mapped drives, ect.

It is a constant battle for techs and admins.

Use of a corporate edition antivirus that is server/client based is the best defense on a internal lan. The server keeps the updates current and propagates them to the clients.

There are several companies that have good products.

Computer Associates is the one I use the most.
http://www.ca.com

This is a round about way of answering your question.

Good Luck Lee

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums