Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
208
Views
1
Helpful
1
Replies

can IDS block netsky at all???

mcoenetwork
Level 1
Level 1

‎04-06-2004 02:46 PM - edited ‎03-09-2019 06:59 AM

I turned on the netsky signature, and turned tcp reset/shun/block ip, but I am still seeing ton of netsky infected emails coming into my network.

Labels:
0 Helpful
1 Reply 1

darin.marais
Level 4
Level 4

‎04-06-2004 10:09 PM

On Jan 28, 2004, 9:04am PST , mcerha of Cisco Systems Inc. answered a thread “MyDoom Virus and Blocking”.

“Blocking viruses with your firewall is a bad idea in general. First, it can result in legitimate email getting blocked if you block all traffic from the source. Also, SMTP servers are very dilligent about trying to deliver mail. They will periodically retry sending an email until it gets through. So, you might remove a block only to have it get through again later. Your assumption about the initial virus getting through is also most likely correct. Using TCP resets suffers from the same problems. The best defense against these types of threats is to update and use anti-virus software on your incoming and outgoing email gateways. The signatures we provide for these types of signatures are really best utilized to detect hosts that are already infected with the virus.”

Ref http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eea922d/0

I hope that by reading this thread it may help you to answer your question regarding the blocking of email viruses

Customers Also Viewed These Support Documents