Blocking NTP won't solve the problem, it just avoids it for the time being. If you are mainly concerned with preventing the spread, block all outgoing access for SMTP, and only make exceptions for authorized mail servers on your network. (Assuming your mail servers aren't infected, and won't get infected)
Stefan "Curt Shaffer" <[EMAIL PROTECTED]> wrote on 12-15-2005 10:49:50 AM: > All, > > I am working on a plan to try and help minimize the effect of the possible > sober resurfacing on Jan. 5/6th. After reading the security focus article > that this worm relies on NTP to know when to release, I am wondering on the > feasibility of blocking NTP out to the internet that week except for the > certain devices that need it. Does anyone have input on this? > > Thanks > > Curt > > > > > > > > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
