Recently, "WORM_MSBLAST.A" has started to spread on the domestic Internet and some private networks. I used the access list that I had placed at the access layer earlier!
Everyone can refer to it:
access-list 120 deny 53 any any
access-list 120 deny 55 any any
access-list 120 deny 77 any any
access-list 120 deny 103 any any
Be careful with several of these!
access-list 120 deny tcp any any eq echo
access-list 120 deny tcp any any eq chargen
access-list 120 deny tcp any any eq 135
access-list 120 deny tcp any any eq 136
access-list 120 deny tcp any any eq 137
access-list 120 deny tcp any any eq 138
access-list 120 deny tcp any any eq 139
access-list 120 deny tcp any any eq 389
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any eq 4444
access-list 120 deny udp any any eq 69
access-list 120 deny udp any any eq 135
access-list 120 deny udp any any eq 136
access-list 120 deny udp any any eq 137
access-list 120 deny udp any any eq 138
access-list 120 deny udp any any eq 139
access-list 120 deny udp any any eq snmp
access-list 120 deny udp any any eq 389
access-list 120 deny udp any any eq 445
access-list 120 deny udp any any eq 1434
access-list 120 deny udp any any eq 1433
access-list 120 permit ip any any
Appendix: Treatment!
****************************************
(1) For uninfected hosts:
It is recommended to install the patch specified at http://microsoft.com/technet/securi...in/ms03-026.asp
(2) For infected systems:
It may not be possible to download and install the patch from Microsoft, so it is recommended to proceed as follows:
I. Disconnect the machine's physical network connection.
II. Run the Registry Editor command, regedit, and check whether
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
has a "Windows Auto Update" value whose data is MSBLAST.EXE. If it exists, delete it.
III. Run Task Manager and end the MSBLAST.EXE process.
IV. Complete one of the following two operations:
a. Disable DCOM: under HKEY_LOCAL_MACHINE\Software\Microsoft\OLE, set the EnableDCOM value to N.
b. Configure a firewall or Microsoft's Internet Connection Firewall (ICF) to block the following ports in the inbound direction: 69/UDP, 135/TCP, 135/UDP, 139/TCP, 139/UDP, 445/TCP, 445/UDP, 4444/TCP.
V. Reconnect the network and install the patch specified at http://microsoft.com/technet/securi...in/ms03-026.asp
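A way to check that an access list of the kind shown above really denies every port listed in step IV.b before traffic reaches the final permit line. This is an added example, not part of the original post; the function names and the sample ACL are constructed for illustration, and the parser only understands the "any any [eq port]" form used on this page.

```python
import re

# Port names IOS accepts after "eq", limited to those the ACL on this page uses.
PORT_NAMES = {"echo": 7, "chargen": 19, "tftp": 69, "snmp": 161}
# Inbound ports the treatment section says to block (step IV.b).
WORM_PORTS = [("udp", 69), ("tcp", 135), ("udp", 135), ("tcp", 139),
              ("udp", 139), ("tcp", 445), ("udp", 445), ("tcp", 4444)]
ENTRY = re.compile(r"^access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+any\s+any"
                   r"(?:\s+eq\s+(\S+))?$", re.IGNORECASE)

# Constructed sample: the keyword on the UDP 69 line is mistyped on purpose.
SAMPLE_ACL = """\
access-list 120 deny tcp any any eq 135
access-list 120 deny tcp any any eq 139
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any eq 4444
access-list 120 dney udp any any eq 69
access-list 120 deny udp any any eq 135
access-list 120 deny udp any any eq 139
access-list 120 deny udp any any eq 445
access-list 120 permit ip any any
"""

def parse_acl(text):
    """Return (entries, rejected); an entry is (action, protocol, port or None)."""
    entries, rejected = [], []
    lines = [l.strip() for l in text.splitlines()]
    for line in (l for l in lines if l and not l.startswith("!")):
        m = ENTRY.match(line)
        port = m and m.group(3) and str(PORT_NAMES.get(m.group(3).lower(), m.group(3)))
        if m is None or (port and not port.isdigit()):
            rejected.append(line)  # unparsed: treated as not installed
            continue
        entries.append((m.group(1).lower(), m.group(2).lower(),
                        int(port) if port else None))
    return entries, rejected

def decide(entries, proto, port):
    """First matching entry wins; an ACL with no match ends in an implicit deny."""
    for action, e_proto, e_port in entries:
        if e_proto in ("ip", proto) and e_port in (None, port):
            return action
    return "deny"

def uncovered(text):
    """Worm ports the ACL would still pass, plus the lines that failed to parse."""
    entries, rejected = parse_acl(text)
    return [(p, n) for p, n in WORM_PORTS if decide(entries, p, n) != "deny"], rejected
```

Calling uncovered(SAMPLE_ACL) reports UDP 69 as still permitted, because the mistyped entry never takes effect and the packet falls through to "permit ip any any".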