BLASTER invasion !

Hi 21,
What i need to do to block BLASTER worm ?

just set
BLASTER tcp port 1024:65535 135:137
and define a rule
from any to any drop

???
something else ???
tnks

Parents

0 Overnet over 21 years ago

Are your fw open to this ports?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Overnet over 21 years ago

Are your fw open to this ports?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 bagira over 21 years ago in reply to Overnet

Overnet,
regardless of which port is open on the firewall. If there are packets e.g. from the outside, which doesn´t match to a ALLOW or DROP rule, the packets are shown in your kernel log. So your kernel log grows up. Even the port is closed, the dropped packets are shown in the kernel log.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Overnet over 21 years ago in reply to bagira

I have only one port open in my fw so i don´t need any rules to stop blaster worm i use proxy to conect to internet
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 bagira over 21 years ago in reply to Overnet

The meaning is that your packets are directly dropped and are not shown in the kernel logfile. Many users have the problem, that their logfile grows up and up ... and the partions gets full.With the drop entry, the packets are not shwon. But you are right, thats not coactive to set this rule, because the firewall is a firewall to block not allowed packets.
cheers
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel