Karl
Wed Sep 17 15:34:18 CDT 2003
Go to www.microsoft.com/security and click on Blaster for information.
At a minimum, install or enable a firewall on the computer that blocks port
135 [TCP, IIRC] before putting it on the network that contains other
infected or untrusted hosts to prevent infection. Even better, apply all
the necessary patches also first. Either you've got infected computers on
your network or your firewall at your network ingress / egress points
[internet, remote access, vpn, etc.] is nonexistent or not working.
www.kerio.com is a firewall that is free for personal use. Burn whatever
patches and software you need to a CD and don't plug the network cable into
the computer [unless it's a trusted lab cable not connected to other
untrusted hosts] until the computer is fully secure. This is good practice
all the time, not just for Welchia.
Other things you should consider doing before putting computers on the
network are listed at
http://securityadmin.info/faq.htm#harden
www.mcafee.com and www.sarc.com both have blaster / welchia removal tools
which should help you, but those do nothing to prevent immediate reinfection
if you haven't patched and firewalled.
"Chris Lisica" <clisica@combimatrix.com> wrote in message
news:uuLwAeVfDHA.2236@TK2MSFTNGP12.phx.gbl...
> Hello all,
>
> I am in search of a network tool that will tell me which computer on my
> network is infecting other computers with the welchia worm. Does this
exist?
> Every time I introduce a new computer onto the network, it instantly gets
> infected. Any ideas? Thanks.
>
> Chris
>
>