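Using an access-list to fight the "Blaster" worm
The "Blaster" worm (WORM_MSBlast.A) has recently begun spreading on the domestic Internet and on some private networks. The access-list I had set up earlier at the access layer did its job!
Feel free to use it as a reference: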
access-list 120 deny 53 any any
access-list 120 deny 55 any any
access-list 120 deny 77 any any
access-list 120 deny 103 any any
Use the entries above with caution!
access-list 120 deny tcp any any eq echo
access-list 120 deny tcp any any eq chargen
access-list 120 deny tcp any any eq 135
access-list 120 deny tcp any any eq 136
access-list 120 deny tcp any any eq 137
access-list 120 deny tcp any any eq 138
access-list 120 deny tcp any any eq 139
access-list 120 deny tcp any any eq 389
access-list 120 deny tcp any any eq 445
! the next two entries are newly added
access-list 120 deny tcp any any eq 4444
access-list 120 deny udp any any eq 69
access-list 120 deny udp any any eq 135
access-list 120 deny udp any any eq 136
access-list 120 deny udp any any eq 137
access-list 120 deny udp any any eq 138
access-list 120 deny udp any any eq 139
access-list 120 deny udp any any eq snmp
access-list 120 deny udp any any eq 389
access-list 120 deny udp any any eq 445
access-list 120 deny udp any any eq 1434
access-list 120 deny udp any any eq 1433
access-list 120 permit ip any any
Appendix: remediation steps!
**********************************
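(1) For hosts that are not yet infected:
Install the patch specified at http://microsoft.com/technet/securi...p.
(2) For systems that are already infected:
It may not be possible to download the patch from Microsoft, so the following procedure is recommended:
I. Disconnect the machine's physical network connection.
II. Run the registry editor (regedit) and check whether
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update"
contains an msblast.exe value; if it does, delete it.
III. Open Task Manager and end the msblast.exe process.
IV. Then do one of the following two operations:
a. Disable DCOM: set the EnableDCOM value under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole to N.
b. Configure a firewall or Microsoft's Internet Connection Filter (ICF)
to block the following ports in the incoming direction:
69/UDP 135/TCP 135/UDP 139/TCP
139/UDP 445/TCP 445/UDP 4444/TCP.
V. Reconnect to the network and install the patch specified at http://microsoft.com/technet/securi...p.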
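A way to check access-list 120 above against the port list in step IV.b, as an added example that is not part of the original post. It assumes IOS first-match evaluation with `eq` applied to the destination port only; the sample flows and the function names are constructed for illustration.

```python
# Added example: offline model of access-list 120 from the post (not the author's code).
TCP = "echo chargen 135 136 137 138 139 389 445 4444".split()
UDP = "69 135 136 137 138 139 snmp 389 445 1434 1433".split()
ACL = ([f"access-list 120 deny {p} any any" for p in (53, 55, 77, 103)]
       + [f"access-list 120 deny tcp any any eq {p}" for p in TCP]
       + [f"access-list 120 deny udp any any eq {p}" for p in UDP]
       + ["access-list 120 permit ip any any"])

NAMED = {"echo": 7, "chargen": 19, "snmp": 161}  # IOS port keywords used in the list
PROTO = {"tcp": 6, "udp": 17}                    # IP protocol numbers

def parse(line):
    """Return (action, ip_protocol or None for 'ip', destination port or None)."""
    t = line.split()
    action, proto = t[2], t[3]
    proto_num = None if proto == "ip" else PROTO.get(proto) or int(proto)
    port = None
    if "eq" in t:
        p = t[t.index("eq") + 1]
        port = NAMED.get(p) or int(p)
    return action, proto_num, port

RULES = [parse(line) for line in ACL]

def verdict(ip_proto, dst_port=None):
    """First matching entry wins; an ACL with no match ends in an implicit deny."""
    for action, proto, port in RULES:
        if proto in (None, ip_proto) and port in (None, dst_port):
            return action
    return "deny"

# Ports that step IV.b says to block inbound on the host: (protocol, port).
HOST_BLOCK = [(17, 69), (6, 135), (17, 135), (6, 139),
              (17, 139), (6, 445), (17, 445), (6, 4444)]

def uncovered():
    """Step IV.b ports that the router ACL would still let through."""
    return [f for f in HOST_BLOCK if verdict(*f) != "deny"]

def collateral():
    """Constructed legitimate flows, to see what else the list affects."""
    flows = {"HTTP tcp/80": (6, 80), "DNS udp/53": (17, 53),
             "LDAP tcp/389": (6, 389), "SNMP udp/161": (17, 161)}
    return {name: verdict(*f) for name, f in flows.items()}

if __name__ == "__main__":
    print("not covered:", uncovered())
    print(collateral())
```

The run shows two things worth knowing before applying the list: `deny 53` matches IP protocol number 53 rather than DNS, so DNS still passes, while LDAP and SNMP crossing the interface are cut off along with the worm traffic.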