Can Blaster disconnect a router ?

  • Thread starter Thread starter Tx2
  • Start date Start date
T

Tx2

I was talking to a guy today who said that they had had an infected
win2k machine on their network, which, when turned on and logged in,
cased the loss of the entire network's internet connectivity!

I was a bit puzzled by this, and checked the machine myself to find it
had got MS Blaster in Norton qaurantine...the idiots hadn't actually
virus checked it prior to adding it to their network incidentally.

The network is connected to the net via a router, and i'm more than
intrigued to know how the Blaster virus on one machine can take down a
whole network this way, when none of the other machines became infected.
 
On that special day, Tx2, ([email protected])
said...
The network is connected to the net via a router, and i'm more than
intrigued to know how the Blaster virus on one machine can take down a
whole network this way, when none of the other machines became infected.
Click to expand...


Blaster or Sasser?
It is probably not a broken router, but a network overload. See this
link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.c.worm.html (one line)
Click to expand...


Gabriele Neukam

(e-mail address removed)
 
I was talking to a guy today who said that they had had an infected
win2k machine on their network, which, when turned on and logged in,
cased the loss of the entire network's internet connectivity!

I was a bit puzzled by this, and checked the machine myself to find it
had got MS Blaster in Norton qaurantine...the idiots hadn't actually
virus checked it prior to adding it to their network incidentally.

The network is connected to the net via a router, and i'm more than
intrigued to know how the Blaster virus on one machine can take down a
whole network this way, when none of the other machines became
Click to expand...
infected.

A NAT router can be attacked. But I don't think what you're explaining I
consider an attack on the router. I have heard of a worm infecting a
machine and that machine caused the network to be adversely affected, as
the machine with the worm sucked-up the bandwidth.

Duane :)
 
A NAT router can be attacked. But I don't think what you're explaining I
consider an attack on the router. I have heard of a worm infecting a
machine and that machine caused the network to be adversely affected, as
the machine with the worm sucked-up the bandwidth.

Duane :)
Click to expand...

Perhaps the nat router was a windows machine and got infected with
blaster (which was released on the inside of the network).

If blaster caused the router to crash, the network would go down. Right?
 
Perhaps the nat router was a windows machine and got infected with
blaster (which was released on the inside of the network).

If blaster caused the router to crash, the network would go down.
Right?
Click to expand...

You're most likely correct. However, one could set the machine to be kind
of like a Bastion Host situation I think stripping all vulnerable
applications and services off the machine and the O/S so that it couldn't
be attacked so easily.

The situation I speak on above was on a wireless router setup when the
infected machine logged on the network, it took over the bandwidth on the
LAN.

Duane :)
 
[ snippedy do-dah ]
However, one could set the machine to be kind
of like a Bastion Host situation I think stripping all vulnerable
applications and services off the machine and the O/S so that it couldn't
be attacked so easily.
[ chomp ]
Click to expand...

Or they could use linux, solaris or cisco routers instead of windows.
Stuff that "really needs to work" should not be done under windows :)
 
[ snippedy do-dah ]
However, one could set the machine to be kind
of like a Bastion Host situation I think stripping all vulnerable
applications and services off the machine and the O/S so that it
couldn't be attacked so easily.
[ chomp ]
Click to expand...

Or they could use linux, solaris or cisco routers instead of windows.
Stuff that "really needs to work" should not be done under windows :)
Click to expand...

That's why I have a WatchGuard. :)

Duane :)
 
infected.

A NAT router can be attacked. But I don't think what you're explaining I
consider an attack on the router. I have heard of a worm infecting a
machine and that machine caused the network to be adversely affected, as
the machine with the worm sucked-up the bandwidth.

Duane :)
Click to expand...


If the service is ADSL (slow upstream, fast downstream) a blaster
virus on one of the machines can cause very strange symptoms.
If you ping an outside numeric address it will look like
nothing is wrong but if you try to ping the DNS name it fails,
so you start troubleshooting it as a DNS problem......

you get the idea.

been there.
 
Back
Top