Re: firewall setup to prevent Mydoom virus

From: Rey Wang (reywang_at_optonline.net)
Date: 02/02/04

    Date: Mon, 02 Feb 2004 04:05:36 GMT
    
    

    NeoSadist wrote:
    > Rey Wang wrote:
    >
    >
    >>I have RH 9 as a firewall.
    >>To protect the machines behind it from being affected by the Mydoom virus,
    >>what should I do?
    >>Is there any software I should install on the firewall server, or is
    >>email antivirus software all I need? If I am using my ISP's email server,
    >>what options do I have here?
    >>
    >>Thanks
    >>
    >>Rey
    >
    >
    > (Only allow incoming pop / outgoing smtp, and only to the ip of your isp's
    > mail server. Also, all "NEW" state incoming should be ignored.)
    > First, you should use a firewall, whether hardware (on the router) or
    > software (on each client) or both.
    > Second, you should only allow incoming pop3 from your isp's known pop3
    > server (if this is work and you have your own pop3 server, then no incoming
    > or outgoing pop3 over the internet {WAN} side should be allowed).
    > Third, you should only allow outgoing smtp, and only to your isp's known
    > smtp server (etc).
    > You should run very good antivirus on all machines, and the scan should take
    > place some time when the machines aren't being used, at least once a day.
    > Keep your antivirus software up to date.
    >
    > For example, this is a brief summary of how my iptables config should work.
    > This is in English, so it should be easy. I would tell iptables to:
    >
    > 1) Not allow any incoming or outgoing fragmented packets,
    > 2) Drop all incoming and outgoing state INVALID,
    > 3) Only allow incoming state ESTABLISHED and RELATED,
    > 4) Only allow outgoing NEW, ESTABLISHED, and RELATED,
    > 5) Only allow incoming pop3 from pop.charter.net (block all other pop3)
    > 6) Only allow outgoing smtp to smtp.charter.net (block all other smtp)
    >
    > This takes into account other rules which I think could possibly help
    > contribute to a more healthy, secure network.
    >
    Could you post what you have in your iptables?
    And what steps should I take to install it?
    Thanks
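
The six rules listed in the quoted reply, written out in `iptables-restore` format as an added example; it is not NeoSadist's configuration and not part of the original thread. It assumes the RH 9 box forwards traffic for the LAN (so only the FORWARD chain is shown), a WAN interface named `eth0`, and constructed documentation addresses standing in for the ISP's POP3 and SMTP servers.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a forwarding firewall.
# Assumed (not from the thread): the WAN interface name, FORWARD-only scope,
# and the constructed 192.0.2.x addresses used in the sample call below.

is_ipv4() {
    # Dotted-quad shape only, so no hostname is resolved at rule-load time.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

mail_fw_rules() {
    pop_ip=$1; smtp_ip=$2; wan_if=${3:-eth0}
    if ! is_ipv4 "$pop_ip" || ! is_ipv4 "$smtp_ip"; then
        echo "usage: mail_fw_rules POP_IP SMTP_IP [WAN_IF]" >&2
        return 1
    fi
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# 1) no fragmented packets in either direction
-A FORWARD -f -j DROP
# 2) drop state INVALID in either direction
-A FORWARD -m state --state INVALID -j DROP
# 5) POP3 (tcp/110) only to the ISP's POP3 server, all other POP3 blocked
-A FORWARD -o $wan_if -p tcp -d $pop_ip --dport 110 -j ACCEPT
-A FORWARD -o $wan_if -p tcp --dport 110 -j DROP
# 6) SMTP (tcp/25) only to the ISP's SMTP server, all other SMTP blocked
-A FORWARD -o $wan_if -p tcp -d $smtp_ip --dport 25 -j ACCEPT
-A FORWARD -o $wan_if -p tcp --dport 25 -j DROP
# 3) incoming: only replies to connections opened from the LAN
-A FORWARD -i $wan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# 4) outgoing: NEW, ESTABLISHED and RELATED
-A FORWARD -o $wan_if -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sample call with constructed addresses; pipe the output to iptables-restore
# as root to load it.
mail_fw_rules 192.0.2.10 192.0.2.25 eth0
```

The mail-specific DROP rules sit before the general outgoing rule on purpose: iptables stops at the first match, so placing them after rule 4 would let SMTP to any server through.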

