W32.Blaster.Worm is going around, and on my mixed network I have 2 Windows machines. Using IPTABLES, I drop (by default) all incoming packets from the internet including those for ports 69 UDP, 135-139 TCP, 444, 445 and 593 TCP. My FORWARD chain explicitly allows packets in on a per-service basis.

I'm thinking maybe I better block outbound traffic on these ports too. Does doing this make any sense? Is there a way I can just monitor traffic on these ports for a while to get a sense of what is happening on my network?

Thanks

Bob Cochran