Hey guys, I had a gentlemen that runs an offsite software application that my company uses on a daily basis. He called me today and said that his Linux e-mail server was getting suspicious hits for two days that link back to my domain IP address. He said they found out that it was the Mytob worm trying to get access. I have a PIX and have Symantec Mail Security 4.6 running on my exchange. How can I keep it from coming in and out. The Mail Security does a pretty good job of scanning and killing most if not all viruses coming through so I'm having a hard time understanding this. What can I do to block this so others don't start calling me telling me to do something about it? Thanks
MYTOB questions
4 posts
• Page 1 of 1
- windows media center
- money
- security
- Windows XP
- lisp
- DATABASE
- Microsoft Systems Management Server
- cobol
- MS OFFICE OUTLOOK
- Windows 98
Jump to:
- 1. Checkpoint won't run in Remote Desktop session
We are a software development and support company supporting our clients Intranet via VPN. We have been requested by our client to use Secu Remote to obtain access to their network. Since we have a number of developers requiring access to support, we have configured a single workstation as a Windows 2003 server machine with the necessary tools and checkpoint vpn. The idea being that we can tie down security and control a single machine environment far easier than a number of disparate machines. The plan was that developers would need to connect to this 'Client Gateway' server using Remote Desktop and then effectively use this session to connect to the client machine. Problem: when anyone logs onto the Client Gateway Server using Remote Desktop they are unable to run Checkpoint. Double clicking on the program launch does nothing at all. No error messages or anything, just nothing. If the same user logs on locally to the same Client Gateway server, then all is fine. I'm wondering if the issue is something to do with file security on the server or perhaps Checkpoint not being able to run in a session. Do you know if there is a way around this that would enable remote connections to run Checkpoint on a win2003 server machine? - 2. help needed with version 6.5 System Scanner and Internet Scanner; logs such as IIS, Event Viewer, FW, PDC, Router, DB,
help needed in NJ. knowledge of related systems and tools including Router and FW configuration files; Real Secure IDS version 6.5 System Scanner and Internet Scanner; logs such as IIS, Event Viewer, FW, PDC, Router, DB, etc; Protocols (TCP/IP, IPX, SNA, etc); Network Operating Systems including UNIX, Windows (2000, NT, XP, Me, 98, 95, DOS) and Linux; and C+, C++ shell scripting (helpful but not required). Other areas of knowledge should include Firewall, PKI, SSO, Application Control, VPN, RAS Admin, IDS, and Security Scanning tools. located New Jersey.... if interested.. its a name your package kinda deal. Ref TD001 -- John D Allen. CEO & President. Leveridge Systems INC. v1 (909) 699 3751 f1 (800) 783 4350 - 3. help needed in setting up and configuring firewalls for NAT, DMZ, port forwarding, proxy services.
If interested.. name your salary kinda deal. Our client is desperate for tech support services. located Mass. a.. Internet DNS administration: A records, MX records, TTL's BIND, NAMED, mailer preferences a.. Internet Firewall Experience: setting up and configuring firewalls for NAT, DMZ, port forwarding, proxy services. a.. Internet SMTP emails administration, email flow, back-up email services. Mail Records, SMTP relays and error codes. a.. IP address, subnetting and subnet masks a.. Unix, Linux and Windows 2000 skills a.. Experience with Exchange, Groupwise and/or Notes a.. Accustomed to working on an on-call 24x7 basis and working some weekends a.. a.. -- John D Allen. CEO & President. Leveridge Systems INC. v1 (909) 699 3751 f1 (800) 783 4350 - 4. ICMP Firewall Rules
I have always been uncertain how to set firewall rules for ICMP. Sure could use some help. Which of the following should be: (1) allowed incoming (2) allowed outgoing (3) allowed both incoming and outgoing. ICMP 0 echo reply ICMP 8 echo request ICMP 3 destination unreachable ICMP 10 router solicitation ICMP 11 time exceeded for datagram Are there any others that should be added to the list? Thanks casey - 5. Zonealarm blocking Internet on High security
Hi, I have just set up a new Windows 2000 SP4 machine, and installed ZoneAlarm 4.5.594 on it as the firewall. It's a standalone machine with a 56K modem connection to the internet (no ICS). The problem is ZA blocks all requests to websites whilst browsing in IE if Internet Zone Security is set to High. I can ping websites ok, and also DNS works fine as I see it finding the correct IP addresses on URL lookup. If I bring this down to Medium, everything works fine. Can anyone give me a reason why the basic HTML requests are being blocked with High setting? I thought this was the recommended setting for browsing the Internet? Thanks very much, Campbell
Next
MYTOB questions
by joshob » Thu, 02 Mar 2006 12:07:33 GMT
Re: MYTOB questions
by Volker Birk » Thu, 02 Mar 2006 18:56:08 GMT
What exactly is he measuring? Yours, VB. -- Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)
Re: MYTOB questions
by Somebody. » Sat, 04 Mar 2006 05:36:14 GMT
1. The "from" address is spoofed by this virus, is he sure it's coming from your IP address? He might be right, if he's looking at the actual transaction logs from his server and sees the source IP of the connections. (or the right fields in the header) 2. That virus uses it's own SMTP engine, and therefore will not use your Exchange server or your Symantec Mail Security program that runs there. Your PIX is the last line of defense if your desktop AV software has let you down. Does it (the PIX) know how to look in outbound SMTP email and scan it for viruses? If not, it's very possible that your PC is indeed sending this stuff out. Some versions of the mytob apparently do other sorts of connects (sql, network shares, half a dozen other various vulnerabilities) that again won't go through your mail security program, and will fall upon your PIX to block. -Russ.
Re: MYTOB questions
by joshob » Mon, 06 Mar 2006 12:29:08 GMT
Russ, Thanks for the comment, that's what I figured being that MyTob can make a host it's own SMTP server. What's the best way to configure my PIX so that my exchange can flow properly but block malicious SMTP traffic? Any suggestions are greatly appreciated.
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 36 guest