Re: malware and spam control



On Nov 22, 12:25 am, buck <b...@xxxxxxxxxxx> wrote:
Does anyone have experience with using iptables to control infected M$
OS machines that get internet access by setting gateway to a Linux
box?

In my setup there is an access control list that uses nat and forward
rules to allow specific computers to access specified ports.  Where
the M$ computer employs effective software to prevent infection, that
computer is allowed to use port 25, otherwise it either is not allowed
any internet access at all or the port list does not include port 25.

What I'd like to do is to allow even unprotected machines but drop
when iptables sees abuse.  I prefer to use iptables only.

The main problem is in distinguishing between normal versus infected
activity.  Can anyone give examples, perhaps using "recent" matches,
that drop malware but allow normal activity?  Can it even be done?  Is
there A Better Way?
--
buck

Since you mentioned port 25, I think your real IP addresses are
blacklisted and you want it not to be so you can send emails without being
blocked because of RPL. If so, you can solve the problem by more than 1
method, and you should choose to use 1 or all of them, and this is the
best: you should use updated antivirus on the Windows boxes, block
port 25 for all machines except for the mail server of course, and use
port 587 "MSA" as the SMTP port for Outlook, as this is the best way to
do it.
I advise you to install any good monitoring software on your Linux
gateway like ntop. It will monitor the traffic per host and per
protocol, and so you can check which host is flooding your network with
bad traffic and fix it or clean it from viruses. Only 1 infected host
can halt your gateway or mail server. I saw that happen many times
before; I remember when only 1 infected host sent my mail server about
32,000 SPAM messages at once (it was a worm of course). Also too much
traffic can cause a DoS attack on your router and it will hang because
it will not be able to handle the heavy traffic.
Regards,
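An added example, not posted by either participant, showing how the advice in both messages could be expressed as iptables FORWARD rules on the gateway: the mail server keeps port 25, the whole LAN gets submission on 587, hosts known to run current antivirus keep 25, and every other host is metered with the "recent" match so that a burst of new outbound SMTP connections (the behaviour of a spam bot, not of a desktop mail client) is logged and dropped. The interface name, addresses and the per-minute threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: outbound SMTP policy for the FORWARD
# chain of a Linux NAT gateway. Interface, addresses and thresholds are
# assumptions; adjust them to the real LAN before applying.
LAN_IF=${LAN_IF:-eth1}                         # LAN-facing interface
LAN_NET=${LAN_NET:-192.168.1.0/24}
MAIL_SERVER=${MAIL_SERVER:-192.168.1.10}       # only host allowed to relay on 25
PROTECTED=${PROTECTED:-"192.168.1.20 192.168.1.21"}  # hosts with current AV
MAX_SMTP_PER_MIN=${MAX_SMTP_PER_MIN:-5}        # new port-25 flows per host per 60 s
IPT=${IPT:-iptables}                           # "echo iptables" prints instead of applying

smtp_rules() {
    # Own chain so the policy can be rebuilt without touching the rest of FORWARD.
    $IPT -N SMTP_OUT 2>/dev/null || $IPT -F SMTP_OUT
    # Whitelist: the mail server on 25, and submission (587) for the whole LAN.
    $IPT -A SMTP_OUT -s "$MAIL_SERVER" -p tcp --dport 25 -j ACCEPT
    $IPT -A SMTP_OUT -s "$LAN_NET" -p tcp --dport 587 -j ACCEPT
    for host in $PROTECTED; do
        $IPT -A SMTP_OUT -s "$host" -p tcp --dport 25 -j ACCEPT
    done
    # Everyone else: track NEW port-25 connections per source with "recent".
    # A desktop mail client opens a handful per hour; a spam bot opens hundreds
    # per minute, so a host that reaches MAX_SMTP_PER_MIN inside 60 s is logged
    # (rate-limited so the log cannot itself be flooded) and then dropped.
    $IPT -A SMTP_OUT -p tcp --dport 25 -m conntrack --ctstate NEW \
        -m recent --name smtpflood --rcheck --seconds 60 --hitcount "$MAX_SMTP_PER_MIN" \
        -m limit --limit 3/min -j LOG --log-prefix "SMTP-FLOOD: "
    $IPT -A SMTP_OUT -p tcp --dport 25 -m conntrack --ctstate NEW \
        -m recent --name smtpflood --update --seconds 60 --hitcount "$MAX_SMTP_PER_MIN" -j DROP
    $IPT -A SMTP_OUT -p tcp --dport 25 -m conntrack --ctstate NEW \
        -m recent --name smtpflood --set -j ACCEPT
    # Packets of connections already accepted above pass; anything else is not
    # SMTP and goes back to the existing FORWARD rules.
    $IPT -A SMTP_OUT -p tcp --dport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    $IPT -A SMTP_OUT -j RETURN
    # Hook the chain in front of the existing FORWARD rules for LAN traffic.
    $IPT -D FORWARD -i "$LAN_IF" -p tcp -j SMTP_OUT 2>/dev/null || true
    $IPT -I FORWARD -i "$LAN_IF" -p tcp -j SMTP_OUT
}

case "${1:-}" in
    apply) smtp_rules ;;
    show)  IPT="echo iptables"; smtp_rules ;;
esac
```

Run with `show` to print the rules first and `apply` to load them; hosts that hit the limit appear in the kernel log with the SMTP-FLOOD prefix, which is the list to clean.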


