From: Saad Faruque <faruque@gmail.com>
To: netfilter@lists.netfilter.org
Subject: netfitler against Trojans and worms
Date: Mon, 5 Jul 2004 19:59:03 +0600
Message-ID: <1d7da3f40407050659476384b7@mail.gmail.com>

Hello List,

We have a Windows network (our clients' network) with private IP
addresses and a Linux gateway. The Linux box is doing SNAT for all
(Windows network) users, which means it's forwarding all the users'
requests to the Internet. But the problem is that the internal Windows
network is affected by all different kinds of worms and Trojans, which
are causing a huge amount of unwanted uploads/requests to the Internet.
Remember, these are workstations we don't have total control over.
Securing these Windows workstations is something which we can't very
easily do.

So we are currently protecting these stations with simple netfilter
rules such as

iptables -A FORWARD -p tcp --dport 135 -j DROP
iptables -A FORWARD -p udp --dport 1025 -j DROP
.
.
.
.
iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 3127:3198 -j DROP

which are some commonly used virus ports.

My question: is there any project or document which lists all the
well-known virus ports and virus detection signatures which I can use
with string search or from port and TCP flag?

I did find a couple of sites, e.g.
(http://www.doshelp.com/trojanports.htm), which list some ports, but I
am really not sure whether simply blocking all these ports will affect
my clients' regular Internet activity. Any alternative suggestions are
also welcome :)

Regards,
Saad Faruque.
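
Added example, not part of the original post: the rules quoted above match on destination port in both directions of FORWARD, so they can also drop reply packets addressed to a client's ephemeral source port. This sketch flags those rules and prints a version scoped to new connections arriving from the LAN side. The interface name eth1, the 1025-5000 ephemeral range and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; LAN_IF and the ephemeral range are assumptions to adjust
# for the gateway and client OS actually in use.
LAN_IF="${LAN_IF:-eth1}"     # assumed inside (LAN-facing) interface
EPH_LO=1025; EPH_HI=5000     # assumed client ephemeral source-port range

# The four rules quoted in the post (the elided ones are not reproduced).
post_rules() {
cat <<'EOF'
iptables -A FORWARD -p tcp --dport 135 -j DROP
iptables -A FORWARD -p udp --dport 1025 -j DROP
iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 3127:3198 -j DROP
EOF
}

# Print "lo hi" for the --dport argument of one rule line.
dport_range() {
    spec=$(printf '%s\n' "$1" | sed -n 's/.*--dport \([0-9:]*\).*/\1/p')
    case "$spec" in
        *:*) echo "${spec%%:*} ${spec##*:}" ;;
        ?*)  echo "$spec $spec" ;;
    esac
}

# Return 0 if the rule has no -i restriction and its dport range overlaps
# the ephemeral range, i.e. it can match replies headed back to a client.
hits_replies() {
    case "$1" in *" -i "*) return 1 ;; esac
    set -- $(dport_range "$1")
    [ $# -eq 2 ] || return 1
    [ "$1" -le "$EPH_HI" ] && [ "$2" -ge "$EPH_LO" ]
}

# Rewrite a rule so it only matches new connections leaving the LAN.
scope_rule() {
    printf '%s\n' "$1" |
        sed "s/-A FORWARD /-A FORWARD -i $LAN_IF -m state --state NEW /"
}

# Flag risky rules as comments, then print the scoped form of every rule.
audit() {
    post_rules | while IFS= read -r rule; do
        if hits_replies "$rule"; then echo "# can drop replies: $rule"; fi
        scope_rule "$rule"
    done
}
audit
```

The output is a rule listing to review before loading; nothing is applied to the running firewall.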