|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: compromised machines
soccer4net
netzero.com
Date: Fri Aug 27 2004 - 08:25:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
First of all, How are these machines connected to the internet? Are using NAT or PAT/NAT Overloading? Are they any services being forwarded through the firewall to these machines or are you allowing outbound traffic only?
If you are allowing any inbound services on the local network, that should be your first place to start. You can clean the other machines all day long and that first hole will allow an attacker to keep compromising them fairly easily.
If you are allowing outbound only on the internal LAN, look at past emails, and weblogs on infected machines, they may have been compromised through client software. Even with all IE patches installed there are plenty of malicious websites out there that can automatically infect machines browsing to them.
________________________________________________________________
The best thing to hit the Internet in years - NetZero HiSpeed!
Surf the Web up to FIVE TIMES FASTER!
Only $14.95/ month -visit www.netzero.com to sign up today!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]