Re: netfitler against Trojans and worms

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saad Faruque <faruque@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: netfitler against Trojans and worms
Date: Mon, 5 Jul 2004 20:46:19 +0600	[thread overview]
Message-ID: <1d7da3f40407050746589209b5@mail.gmail.com> (raw)
In-Reply-To: <200407051510.06470.gdh@acentral.co.uk>

I did think of doing  it the other way around, but again i have to
list all the internet services that are being used which is also
changing continuously. but again well known ports can cause problem as
well. wouldn't it be nice if i am being able to detect them from the
port string type, flag, protocol .. with any or any of their
combination. more like a layer 7 filtering. im just trying to find a
smarter way of doing it, which will be more effective and could be
updated easily.
Regards,
Saad

On Mon, 5 Jul 2004 15:10:06 +0100, Gavin Hamill <gdh@acentral.co.uk> wrote:
> On Monday 05 July 2004 14:59, Saad Faruque wrote:
> 
> > i did find couple of sites ex.
> > (http://www.doshelp.com/trojanports.htm) which lists some ports. but i
> > really am not sure if u simply block all these ports if it will effect
> > my clients regular internet activity. any alternative suggestions are
> > also welcome :)
> 
> My suggestion would to stop fire-fighting and instead turn the problem on its
> head.
> 
> Change your default policy from ACCEPT to DROP, and put in rules so that
> people are allowed to access port 80, 443, etc. and only the ports they
> actually NEED access to.
> 
> Cheers,
> Gavin.
> 
>

next prev parent reply	other threads:[~2004-07-05 14:46 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-05 13:59 netfitler against Trojans and worms Saad Faruque
2004-07-05 14:10 ` Gavin Hamill
2004-07-05 14:46   ` Saad Faruque [this message]
2004-07-05 14:59     ` Gavin Hamill
2004-07-05 15:21   ` Antony Stone
2004-07-05 21:51     ` Saad Faruque

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1d7da3f40407050746589209b5@mail.gmail.com \
    --to=faruque@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.