[Techtalk] How to block Blaster Worm from iptables ?
Mohammad Shakir
shakirz1 at hotmail.com
Sat Aug 23 08:36:12 EST 2003
Dear Friends,

I am running Red Hat Linux 7.3 as a server and using squid as a proxy server.
My clients have Windows 2000 and they are infected with the virus "Blaster
Worm". I think this worm attacks on port 153 and its new version attacks on
port 707.

When I block these clients my network works very well, but when I unblock them
my clients send too many requests to my ISP, as a result of which my network
becomes too slow.

I am sending my script herewith.
Any idea how I can block this virus?

# Flush all rules and delete user-defined chains (filter and nat tables)
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain

# for transparent proxy: redirect LAN web traffic arriving on eth0 to squid
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

# for MASQUERADE: NAT the LAN out through the ppp0 link
/sbin/iptables --table nat --append POSTROUTING -s 192.168.0.0/24 --out-interface ppp0 -j MASQUERADE

# Accept replies to existing connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new connections from any interface except ppp0
# (newer iptables releases write this negation as: ! -i ppp0)
/sbin/iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
/sbin/iptables -P INPUT DROP # only if the first two are successful
/sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

Mohammad Shakir
Fattani Computers
Shop No.G-178, Ground Floor,
Jillani Centre, M.W. Tower, M.A. Jinnah Road,
Karachi, Pakistan.
Phone: 2472647, 0300-2192007
Web : http://www.fattanis.cjb.net