I have a half-finished presentation on doing protocol analysis with your access point and it involves this virus and other things ... it does involve snort however (www.snort-wireless.org), your case is a good example of IDS over IPS, but it normally does have to involve another machine to "filter" content through, in which case most people don't normally do - since the applications don't come with today's common residential access points.

DSL -> AP -> FILTER -> SWITCH/HUB

I'm hoping to finish this presentation + show off the customized Linksys AP w/ Snort (I'm sure Pebble/Soekris could be made to do the same exact thing)

- Jon

On Wednesday 12 November 2003 20:36, John Klos wrote:
> Hi,
>
> I was wondering what other node owners are doing about the recent
> onslaught of Windows viruses and worms. I've been seeing more and more
> machines trying to open literally 10,000 connections on the Internet per
> minute (and filling up the NAT state table), and it seems due to the
> Welchia virus.
>
> Between this and the viruses / worms which flood our email boxes with
> "Current Network Security Update" emails, it seems we are stuck constantly
> administering to the lowest common denominator. I do not own any Microsoft
> products, but I am constantly bombarded with Microsoft problems.
>
> So what are other people doing to reduce this deluge of garbage? I did not
> want to block outgoing access to port 25 from my free networks, but I was
> forced to do so; I do not like limiting the kinds of traffic that people
> can use from the free networks, but if I don't, then a few people with
> viruses can clog the whole connection for everyone else.
>
> What are other people doing?
>
> John Klos
> Sixgirls Computing Labs

--
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
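
Added example (not part of either poster's message): a sliding-window check that picks out a client opening far more new connections to far more destinations than its neighbours, the pattern the quoted message describes as filling the NAT state table. The log format, thresholds and addresses are constructed assumptions; adapt `parse_line()` to whatever the gateway actually logs.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed log: 'epoch_seconds src_ip dst_ip dst_port', one new flow per line."""
    lines = []
    # Ordinary client: 30 flows to 3 destinations spread over a minute.
    for i in range(30):
        lines.append(f"{1000 + 2 * i} 10.0.0.5 192.0.2.{201 + i % 3} 80")
    # Flooding client: 600 flows to 600 distinct addresses, 10 per second.
    nets = ["192.0.2", "198.51.100", "203.0.113"]  # documentation ranges
    for i in range(600):
        lines.append(f"{1000 + i // 10} 10.0.0.9 {nets[i // 200]}.{i % 200 + 1} 135")
    return sorted(lines, key=lambda l: int(l.split()[0]))

def parse_line(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)

def find_flooders(lines, window=60, max_flows=300, max_dsts=100):
    """Return {src: (peak_flows, peak_distinct_dsts)} for every source that
    exceeds both limits inside any `window`-second span. Input must be
    time-ordered. Requiring many distinct destinations as well as many flows
    keeps a busy client talking to a few servers from being flagged."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        ts, src, dst, _port = parse_line(line)
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - window:  # expire flows older than the window
            q.popleft()
        if len(q) > max_flows:
            dsts = len({d for _, d in q})
            if dsts > max_dsts:
                peak = flagged.get(src, (0, 0))
                flagged[src] = (max(peak[0], len(q)), max(peak[1], dsts))
    return flagged

if __name__ == "__main__":
    for src, (flows, dsts) in find_flooders(make_sample()).items():
        print(f"{src}: {flows} new flows to {dsts} destinations within 60s")
```

The flagged sources are candidates for a per-client state or rate limit at the gateway, which is narrower than blocking a port for every user.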
