[Techtalk] How to block Blaster Worm from iptables ?

perimorph perimorph at mindspring.com
Sat Aug 23 12:42:11 EST 2003

Brenda --

> A solid firewall should only open the ports that are absolutely required. 

Absolutely true.  :)  But it never hurts to explicitly block something
that's causing problems.  I think Mohammad's problem had more to do with
already-infected systems sending too much outgoing traffic, and it's
much more difficult to argue that all outgoing traffic should default to
being blocked.  Still, you're absolutely right when it comes to incoming
connections, though.

> Based on what I've read about Blaster, I believe that internal machines
> could only infect each other by first infecting a web server on the
> internal network.  I'm not sure this is possible, but I could be wrong.

I'll take your word on it, you've read more that I have on it.  ;)  But
it would still be a wise idea since there are plenty of other worms and
viruses running around.


More information about the Techtalk mailing list