On Jan 28, 2004, 9:04am PST , mcerha of Cisco Systems Inc. answered a thread MyDoom Virus and Blocking.
Blocking viruses with your firewall is a bad idea in general. First, it can result in legitimate email getting blocked if you block all traffic from the source. Also, SMTP servers are very dilligent about trying to deliver mail. They will periodically retry sending an email until it gets through. So, you might remove a block only to have it get through again later. Your assumption about the initial virus getting through is also most likely correct. Using TCP resets suffers from the same problems. The best defense against these types of threats is to update and use anti-virus software on your incoming and outgoing email gateways. The signatures we provide for these types of signatures are really best utilized to detect hosts that are already infected with the virus.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...