Re: firewall setup to prevent Mydoom virus
From: NeoSadist (neosad1st_at_charter.net)
Date: 02/01/04
- In reply to: Rey Wang: "firewall setup to prevent Mydoom virus"
- Next in thread: Rey Wang: "Re: firewall setup to prevent Mydoom virus"
- Reply: Rey Wang: "Re: firewall setup to prevent Mydoom virus"
Date: Sun, 01 Feb 2004 00:10:48 -0700
Rey Wang wrote:
> I have RH 9 as a firewall.
> To protect the machines behind it from getting affected by the Mydoom virus,
> what should I do?
> Should I install any software on the firewall server, or is all I need
> email antivirus software? If I am using my ISP's email server, what
> options do I have here?
>
> Thanks
>
> Rey
(Only allow incoming pop / outgoing smtp, and only to the ip of your isp's
mail server. Also, all "NEW" state incoming should be ignored.)
First, you should use a firewall, whether hardware (on the router) or
software (on each client) or both.
Second, you should only allow incoming pop3 from your isp's known pop3
server (if this is work and you have your own pop3 server, then no incoming
or outgoing pop3 over the internet {WAN} side should be allowed).
Third, you should only allow outgoing smtp, and only to your isp's known
smtp server (etc).
You should run very good antivirus on all machines, and the scan should take
place some time when the machines aren't being used, at least once a day.
Keep your antivirus software up to date.
For example, this is a brief summary of how my iptables config should work.
This is in English, so it should be easy. I would tell iptables to:
1) Not allow any incoming or outgoing fragmented packets,
2) Drop all incoming and outgoing state INVALID,
3) Only allow incoming state ESTABLISHED and RELATED,
4) Only allow outgoing NEW, ESTABLISHED, and RELATED,
5) Only allow incoming pop3 from pop.charter.net (block all other pop3)
6) Only allow outgoing smtp to smtp.charter.net (block all other smtp)
This takes into account other rules which I think could possibly help
contribute to a more healthy, secure network.
--
"The algorithm to do that is extremely nasty. You might want to mug
someone with it."
-- M. Devine, Computer Science 340
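
The six rules listed in the message above, written out for a Linux gateway's FORWARD chain as an added example that is not part of the original post. The interface name `eth0` and the 192.0.2.x addresses are constructed placeholders standing in for the WAN interface and for pop.charter.net and smtp.charter.net, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables commands for review before running them as root.
# Usage: emit_mail_rules WAN_IF POP3_IP SMTP_IP

is_ipv4() {
    # Dotted quad only, each octet 0-255. Hostnames are rejected so the
    # ruleset never depends on DNS answers at load time.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

emit_mail_rules() {
    wan=$1 pop=$2 smtp=$3
    case $wan in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $wan" >&2; return 1 ;;
    esac
    is_ipv4 "$pop" && is_ipv4 "$smtp" || {
        echo "POP3 and SMTP servers must be numeric IPv4 addresses" >&2
        return 1
    }
    # The mail-specific DROP rules come before the generic state ACCEPT
    # rules; iptables stops at the first match, so order matters.
    cat <<EOF
iptables -P FORWARD DROP
# 1) no fragmented packets in either direction
iptables -A FORWARD -f -j DROP
# 2) drop state INVALID
iptables -A FORWARD -m state --state INVALID -j DROP
# 5) POP3 only with the ISP's POP3 server
iptables -A FORWARD -o $wan -p tcp --dport 110 ! -d $pop -j DROP
iptables -A FORWARD -i $wan -p tcp --sport 110 ! -s $pop -j DROP
# 6) SMTP only to the ISP's SMTP server
iptables -A FORWARD -o $wan -p tcp --dport 25 ! -d $smtp -j DROP
# 3) incoming: ESTABLISHED and RELATED only (no NEW)
iptables -A FORWARD -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
# 4) outgoing: NEW, ESTABLISHED and RELATED
iptables -A FORWARD -o $wan -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values (documentation address range, not real servers).
emit_mail_rules eth0 192.0.2.110 192.0.2.25
```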