[wplug] Sasser Worm -- protection
Alexandros Papadopoulos
apapadop at cmu.edu
Mon May 3 17:43:31 EDT 2004

On Monday 03 May 2004 21:13, Brandon Kuczenski wrote:
> Inside my router/firewall (Redhat 9) I am running a windows machine.
> If I am concerned about protecting it from possibly infected
> computers that are brought INSIDE the firewall (like friends'
> laptops), is it sufficient for me to add an iptables rule in the
> FORWARD chain which DROPs packets sent to ports 5554, 9996, and 445?

I think it would be much simpler/safer to forward only the traffic you
want (no new connections reaching the M$ boxes, allow port 80 outgoing,
plus the replies back). Given that they use Mozilla and not IE, that
should be a decent setup.

As a bonus step, patch the boxes as detailed in
http://www.microsoft.com/security/incident/sasser.asp (which is,
interestingly, down at the moment).
-A
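
The default-deny FORWARD policy suggested in the reply, as an added example that is not part of the original message: a shell function that validates its arguments and prints the iptables commands for review before they are run as root. The interface names, the address and the LOG rule for the three ports named in the question are assumptions, as is the layout: the Windows machine sits on its own router interface, since hosts on the same switch segment talk to each other directly and never cross the FORWARD chain.

```shell
#!/bin/sh
# Added example. Prints (does not apply) a default-deny FORWARD ruleset.

valid_iface() {
    # Interface names: non-empty, only letters, digits, dot, underscore, dash.
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_ipv4() {
    # Dotted quad, each octet 0-255; rejects anything that could inject rule text.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# forward_rules WIN_IF WAN_IF WINDOWS_IPV4
#   WIN_IF: router interface facing the Windows machine (assumed dedicated)
#   WAN_IF: router interface facing the Internet
forward_rules() {
    win_if=$1; wan_if=$2; win_ip=$3
    valid_iface "$win_if" && valid_iface "$wan_if" && valid_ipv4 "$win_ip" || {
        echo "usage: forward_rules WIN_IF WAN_IF WINDOWS_IPV4" >&2
        return 2
    }
    # Rule order matters: replies first, then log, then the single allowed
    # kind of new connection. Everything else hits the DROP policy, so no
    # per-port DROP rules for 445/5554/9996 are needed.
    # "-m state" matches the Red Hat 9 era; DNS is assumed to be answered by
    # the router itself (INPUT chain), so it is not forwarded here.
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -m multiport --dports 445,5554,9996 -j LOG --log-prefix "sasser-port: "
iptables -A FORWARD -i $win_if -o $wan_if -s $win_ip -p tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample values, printed for inspection only.
forward_rules eth1 eth0 192.168.1.10
```

The LOG rule drops nothing by itself; it records which internal host is trying those ports, which is how an infected laptop shows up in the router's kernel log.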