[wplug] Sasser Worm -- protection
Devin Lee Drew
dLd at pobox.com
Tue May 4 14:04:59 EDT 2004
On May 3, 2004, at 9:43 PM, Brandon Kuczenski wrote:
> Thanks for the overview... still learning about security... For example, I
> had never considered that it was my obligation as a router administrator
> to block outgoing packets even if "my" machines weren't generating them --
> but it makes good sense.
You are by no means obligated, and if there is only one Windows box
behind your firewall then your effort / potential public benefit ratio
is going to be high. ;)
> If I am using IP Masquerading, then (True or False:) DROPping port-445
> packets on the FORWARD chain would NOT block them from the outside
> world?
It can be helpful to draw things when you're considering this stuff. I
don't have the binary answer for you here but someone else may.
Importantly, you've got to be unambiguous about what "NOT block them
from the outside world" means. I think that you could drop them on
either the FORWARD or OUTPUT chain, though the FORWARD chain is
conventionally where you have your masquerading rules. Either way, test
it with telnet somehost.com 445 and then look at the packet filter logs
to make sure that it is dropped. I think that you can use netcat in a
similar way to test udp packets.
> What about requests coming IN from the outside world via mangled packets
> for masqueraded machines? Would it block those? Because the person in
> question is trying to connect to her work's VPN and failing. Would a
> FORWARD rule affect that?
If you haven't diverged too much from your distro's rules, then I
wouldn't worry about it. Look at the manual for your friend's VPN
software and read about connecting through firewalls. If anything needs
to be done, then it will tell her what she needs to request of the
firewall admin -- who is you.
>> Have you considered running snort on your gateway?
>
> Mmm? Vat ees?
It's an intrusion detection system. Signature-based.
cheers,
Devin
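The FORWARD-vs-OUTPUT question and the "telnet somehost 445, then check the packet filter logs" test from the reply above, as an added example that is not part of the original thread. It assumes iptables on a Linux gateway with a LAN interface eth1 and an upstream interface eth0 (both assumed names), prints the rules rather than applying them (pipe into sh as root), and includes a constructed kernel log sample to show the check.

```shell
#!/bin/sh
# Added example, not from the original post. FORWARD handles packets from
# masqueraded LAN hosts; OUTPUT handles the gateway's own traffic. Filter
# rules in FORWARD run before nat/POSTROUTING masquerading, so the LAN
# source address is still visible in the log line.
LAN_IF=eth1          # assumed interface names; adjust to your gateway
WAN_IF=eth0
LOG_PREFIX="SMB445-DROP: "

# Emit the rules instead of applying them (no root needed to run this).
smb_forward_rules() {
    cat <<EOF
iptables -N SMB445 2>/dev/null || true
iptables -F SMB445
iptables -A SMB445 -m limit --limit 5/min -j LOG --log-prefix "$LOG_PREFIX"
iptables -A SMB445 -j DROP
iptables -I FORWARD 1 -i $LAN_IF -o $WAN_IF -p tcp --dport 445 -j SMB445
iptables -I FORWARD 1 -i $LAN_IF -o $WAN_IF -p udp --dport 445 -j SMB445
iptables -I OUTPUT 1 -o $WAN_IF -p tcp --dport 445 -j SMB445
EOF
}

# Verification step: after "telnet somehost.example 445" from a LAN box,
# feed kernel log lines (dmesg or /var/log/messages) on stdin. Succeeds
# only if a packet with our prefix and destination port 445 was logged.
dropped_445_seen() {
    grep -F "$LOG_PREFIX" | grep -q "DPT=445 "
}

# Constructed sample in the LOG target's format (not a real capture): the
# first line is the blocked SYN, the second an unrelated permitted request.
SAMPLE_LOG='May  4 13:58:01 gw kernel: SMB445-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1034 DPT=445 SYN
May  4 13:58:05 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1035 DPT=80 SYN'

if printf '%s\n' "$SAMPLE_LOG" | dropped_445_seen; then
    echo "port 445 drop confirmed in log"
else
    echo "no logged drop for port 445; re-check rule order and the telnet test"
fi
```

The `-m limit` on the LOG rule keeps a worm scanning every few seconds from flooding the log while still leaving enough entries to confirm the rule fires.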