Menu
Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Packeteer Detects and Controls the W32/Blaster Worm and DoS Attack

  • 15 August, 2003 16:13

<p>PacketShaper solutions from Packeteer (NASDAQ: PKTR) may be useful in detecting whether organisations have infected machines on their networks and/or limiting the impact of it on other network resources.</p>
<p>In addition, PacketShaper can limit the denial of service (DoS) attack’s impact on networks by detecting and controlling traffic to windowsupdate.microsoft.com. PacketShaper can find out which hosts are generating the most requests to windowsupdate.microsoft.com, and the network administrator can take actions to control them as compromised hosts.</p>
<p>PacketShaper can automatically detect all of the protocols used for the worm -- TFTP, DCOM, NetBIOS-IP, Microsoft-ds, and TCP_Port_4444. (The actual NetBIOS-IP service that may be compromised is the NetBIOS-IP-SSN service.) In addition, PacketShaper offers control mechanisms for these traffic types, whether you want to deny or throttle them down.</p>
<p>With PacketShaper’s built-in reporting mechanisms, administrators can easily identify compromised hosts (by looking for the TCP port 4444 traffic in combination with TFTP and DCOM, a sure sign of a compromised host). All you'd have to do is track anyone using 4444, source or destination, and shut them down.</p>
<p>There are several administrative approaches Packeteer customers can take to detect W32/Blaster traffic on your network, including:</p>
<p>· Create a class for TCP port 4444 and monitor its class hits. Use the traffic flow command to discover which hosts on your network are infected by seeing what machines are communicating on this port.</p>
<p>· Use PacketWise reporting to create a historical report on the TFTP class (if one exists) and look for traffic spikes in this class.</p>
<p>· Monitor the DCOM class for traffic entering and exiting the WAN link. (Most applications or services that use DCOM do not travel over a WAN link).</p>
<p>· Create a separate class for the service NetBIOS-IP-SSN. This service is normally part of the NetBIOS-IP service; however, in order to view any anomalies, you will want to view it separately from its parent service.</p>
<p>ABOUT PACKETEER
Based in Cupertino, Calif., Packeteer (NASDAQ: PKTR) is a leading provider of application traffic management systems designed to enable businesses to gain visibility and control of networked applications, extend network resources and align application performance with business priorities. For service providers, Packeteer systems provide a platform for delivering application-intelligent network services that control quality of service, expand revenue opportunities and offer compelling differentiation.</p>
<p>The company’s products are sold through more than 100 resellers, distributors and system integrators in more than 50 countries. For more information, visit the company’s web site at www.packeteer.com.</p>
<p>MEDIA CONTACT:
Chris Bowes
Bowes Communications
+61 (0)2 9387 2332
cbowes@ozemail.com.au</p>

Most Popular

Market Place