This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

packet rules for Worm what way?

Hi i am setting upp packetrules for Worm protection.

My setup is:

DHCP from ISP
NAT Masquerading

I have create ha Definition services like this:

rpcworm 3 tcp/udp 593 593

Then set packet rule:

INT_NETWORK_ rpcworm 3 any log drop

Is this the right thing to do with my config?

This thread was automatically locked due to age.

Parents

0 William Warren over 22 years ago

here is what i have

  Add Rule


From (Client)
   To (Server)
Service
   Action

... No. From (Client) Service To (Server) Action Command
1 { Private_Networks_-_RFC1918 } rpcworm 3 Any Drop edit del move
2 { Private_Networks_-_RFC1918 } rpc worm 2 Any Drop edit del move
3 { Private_Networks_-_RFC1918 } { netbios } Any Drop edit del move
4 { Private_Networks_-_RFC1918 } Any Any Allow edit del move

my rpc worms are defined as:
rpc worm netbios   tcp/udp   135:139   135:139
rpc worm 2   tcp   445   445
rpcworm 3   tcp/udp   593   593
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 21 years ago in reply to William Warren

Your source ports should be 1:65535...
although windows will only use the same source ports as the dest ports, the worms do not.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 21 years ago in reply to William Warren

Your source ports should be 1:65535...
although windows will only use the same source ports as the dest ports, the worms do not.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data