Confused about LAN machines connecting through my FIREWALL to TROJAN servers.

Hi...

I'm running iptables 1.2.7a with RedHat 7.3 (2.4.20). I have my rules posted here:
http://lists.netfilter.org/pipermail/netfilter/2003-June/044918.html

My question is...if my Windows machines behind the firewall/router get infected with
a Trojan/virus...and are trying to connect to their servers from my machine using
PORT 80, these rules of mine would not try to stop the connection from going through,
Right! So I was wondering what I could add to the script to make it so that if a
Trojan using port 80 to connect out does happen to get on my machine, how would I
stop this.

Cause yesterday I installed Kerio Personal Firewall on my Windows machine and set the
default OUTPUT rule to DROP and noticed WUAUCLT.exe trying to connect to PORT 80 to
some IP address, and I think it would have made it through. Here is one site that
said it was a VIRUS.
http://www.sophos.com/virusinfo/analyses/trojcultb.html

Can anyone explain to me a little better how to stop these connections from
happening but yet still let Netscape and IE and normal web browsers through. Thanks
guys!

Tasha@xxx<----

P.S.> Overall how secure do you boys think my script is? I know nothing is even close
to 100% secure but do you notice something I could change or add that would help it.
I have this also at the beginning.
# Enable broadcast echo protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable source routed packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done

# Enable SYN cookie protection.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP redirect acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > "$f"
done

# Drop spoofed packets coming in on an interface which, if replied
# to, would result in the reply going out another interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done

# Don't send redirect messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
    echo 0 > "$f"
done

# Log packets with impossible addresses.
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 1 > "$f"
done

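A packet filter on the gateway only sees IP and TCP headers, so it cannot tell WUAUCLT.exe from a browser on a LAN host; one practical step is to LOG new outbound port-80 connections from the LAN and review which hosts keep reopening connections to the same address. The script below is an added example, not part of the original post or its ruleset: the `OUT80: ` log prefix, the interface names and every sample log line are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Summarizes kernel log lines
# written by a FORWARD rule such as (interfaces and prefix are assumptions):
#   iptables -A FORWARD -i eth1 -p tcp --dport 80 -m state --state NEW \
#            -j LOG --log-prefix "OUT80: "
# A browser spreads connections over many sites; a host that reopens
# connections to one address every minute is worth a closer look.

# Constructed, abbreviated sample log lines (only SRC= and DST= are parsed).
SAMPLE_LOG='Jun 15 10:00:01 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=1055 DPT=80 SYN
Jun 15 10:00:03 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.6 PROTO=TCP SPT=1056 DPT=80 SYN
Jun 15 10:00:09 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 PROTO=TCP SPT=1057 DPT=80 SYN
Jun 15 10:00:00 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1201 DPT=80 SYN
Jun 15 10:01:00 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1202 DPT=80 SYN
Jun 15 10:02:00 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1203 DPT=80 SYN
Jun 15 10:03:00 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1204 DPT=80 SYN
Jun 15 10:04:00 fw kernel: OUT80: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 PROTO=TCP SPT=1205 DPT=80 SYN
Jun 15 10:04:30 fw kernel: martian source 10.0.0.1 from 192.168.1.30, on dev eth1'

# Read log lines on stdin; print "SRC DST count" for every LAN host /
# destination pair seen in OUT80 lines. Fields are located by name, since
# the LOG target's field order varies with protocol and options.
pair_counts() {
    awk '/OUT80: / {
            src = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (src != "" && dst != "") n[src " " dst]++
        }
        END { for (k in n) print k, n[k] }' | sort
}

# Print only pairs whose new-connection count reaches the threshold in $1.
flag_repeat_connections() {
    pair_counts | awk -v t="$1" '$3 >= t'
}

# Stand-alone run: hosts reopening a connection to one address 3+ times.
printf '%s\n' "$SAMPLE_LOG" | flag_repeat_connections 3
```

In practice the input would come from `grep 'OUT80: ' /var/log/messages`; the threshold is a starting point for review, not proof of infection.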