Firewall Wizards mailing list archives

Re: Blocking MS Blaster

From: Martin Peikert <lists () nolog org>
Date: Fri, 15 Aug 2003 16:19:32 +0200

arnaud DUPUIS wrote:

${FW} -A inet-lan -p tcp -m multiport --dports 135,137,139,445,593,69,4444 -jDROP${FW} -A inet-lan -p udp -m multiport --dports 135,137,139,445,593,69,4444 -jDROP${FW} -A lan-inet -p tcp -m multiport --dports 135,137,139,445,593,69,4444 -jDROP${FW} -A lan-inet -p udp -m multiport --dports 135,137,139,445,593,69,4444 -jDROP

If your firewall is set to be the default gw in your lan, I would addsuch rules for lan-lan too. Laptops connected to the internet elsewhereand then attached to your lan could possibly infect your lan...


GTi

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Blocking MS Blaster arnaud DUPUIS (Aug 15)
- Re: Blocking MS Blaster Martin Peikert (Aug 18)
  - Re: Blocking MS Blaster Martin Peikert (Aug 18)
- <Possible follow-ups>
- RE: Blocking MS Blaster Dave Killion (Aug 15)
  - RE: Blocking MS Blaster --> filter outbound access Frank Knobbe (Aug 17)