Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

can IDS block netsky at all???

I turned on the netsky signature, and turned tcp reset/shun/block ip, but I am still seeing ton of netsky infected emails coming into my network.

1 REPLY
New Member

Re: can IDS block netsky at all???

On Jan 28, 2004, 9:04am PST , mcerha of Cisco Systems Inc. answered a thread “MyDoom Virus and Blocking”.

“Blocking viruses with your firewall is a bad idea in general. First, it can result in legitimate email getting blocked if you block all traffic from the source. Also, SMTP servers are very dilligent about trying to deliver mail. They will periodically retry sending an email until it gets through. So, you might remove a block only to have it get through again later. Your assumption about the initial virus getting through is also most likely correct. Using TCP resets suffers from the same problems. The best defense against these types of threats is to update and use anti-virus software on your incoming and outgoing email gateways. The signatures we provide for these types of signatures are really best utilized to detect hosts that are already infected with the virus.”

Ref http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eea922d/0

I hope that by reading this thread it may help you to answer your question regarding the blocking of email viruses

75
Views
1
Helpful
1
Replies