[fw-wiz] Blocking MS Blaster

From: arnaud DUPUIS (arno.dupuis_at_wanadoo.fr)
Date: 08/14/03

  • Next message: bit_suryanto80_at_yahoo.com.sg: "[fw-wiz] CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec"
    To: "fw-wizz" <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 14 Aug 2003 18:37:50 +0200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi list,
    I would like to know how did you have try to block the MS Blaster worm ?
    Personnaly I've had those line to my Netfilter's script :
    echo "* Protection against MS Blaster"
    ${FW} -A inet-lan -p tcp -m multiport --dports 135,137,139,445,593,69,4444 -j
    DROP
    ${FW} -A inet-lan -p udp -m multiport --dports 135,137,139,445,593,69,4444 -j
    DROP
    ${FW} -A lan-inet -p tcp -m multiport --dports 135,137,139,445,593,69,4444 -j
    DROP
    ${FW} -A lan-inet -p udp -m multiport --dports 135,137,139,445,593,69,4444 -j
    DROP

    My firewall is base on a Slackware Linux with grsecurity patch (kernel
    2.4.20).
    Have you a better solution ?

    Greetz and regards
    Arnaud
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE/O7roNG3DWex93LoRAjCiAJ9Aj6gL+aoK4J+1gvVHzz+85MZn3ACfbQ/g
    Zv5tifEWPRXdbelgz9gBokw=
    =OgLX
    -----END PGP SIGNATURE-----

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: bit_suryanto80_at_yahoo.com.sg: "[fw-wiz] CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec"

    Relevant Pages