[Techtalk] How to block Blaster Worm from iptables ?

Mohammad Shakir shakirz1 at hotmail.com
Sat Aug 23 08:36:12 EST 2003

Dear Friends,
I am running Red Hat Linux 7.3 as a server and using squid for proxy server.
My clients have windows 2000 and they are infacted with virus "Blaster 
Worm", I think this worm attack on port 153 and its new version attack on 
port 707.
When I block these client my network works very well but when I unblock them 
then my client send too much request to my ISP in which result my network 
goes too slow.
I am sending herewith my script.
any idea how I can block this virus?

#  Flush all Rules
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
#  for transprent proxy
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT 
--to-port 3128

/sbin/iptables --table nat --append POSTROUTING -s 
--out-interface ppp0 -j MASQUERADE
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
/sbin/iptables -P INPUT DROP   #only if the first two are succesful
/sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

echo "1" > /proc/sys/net/ipv4/ip_forward

Mohammad Shakir
Fattani Computers
Shop No.G-178, Ground Floor,
Jillani Centre, M.W. Tower, M.A. Jinnah Road,
Karachi, Pakistan.
Phone: 2472647, 0300-2192007
Web : http://www.fattanis.cjb.net

Tired of spam? Get advanced junk mail protection with MSN 8. 

More information about the Techtalk mailing list