On Tue, Aug 12, 2003 at 10:42:38PM -0400, Robert L Cochran wrote:
> W32.Blaster.Worm is going around, and on my mixed network I have 2
> Windows machines. Using IPTABLES, I drop (by default) all incoming
> packets from the internet including those for ports 69 UDP, 135-139 TCP,
> 444, 445 and 593 TCP. My FORWARD chain explicitly allows packets in on a
> per-service basis.
>
> I'm thinking maybe I better block outbound traffic on these ports too.
> Does doing this make any sense?

This absolutely makes sense. You should only really allow outbound access on ports that you need. Don't forget about port 111 (RPC) for this particular worm.

> Is there a way I can just monitor traffic on these ports for a while to
> get a sense of what is happening on my network?

The easiest is tcpdump, and this is included in Red Hat Linux distros.

--
Ed Wilts, Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
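
An added example, not part of the original message: a script that prints (does not run) iptables rules to log and drop forwarded LAN traffic to the ports named in the thread, plus a matching tcpdump command for monitoring. The interface name `eth1`, the chain name `BLASTER_OUT`, the log rate limit, and covering port 111 on both TCP and UDP are assumptions.

```shell
#!/bin/sh
# Constructed example: the ports are the ones named in the thread.
# Assumptions: the LAN-facing interface is eth1, and port 111 is covered on
# both TCP and UDP because the thread does not name a protocol for it.
LAN_IF="${LAN_IF:-eth1}"
TCP_PORTS="111 135:139 444 445 593"   # iptables writes ranges with ':'
UDP_PORTS="69 111"

# Print iptables commands: a chain (hypothetical name) that logs then drops,
# and one FORWARD rule per port sending LAN-originated traffic into it.
blaster_rules() {
    echo "iptables -N BLASTER_OUT"
    echo "iptables -A BLASTER_OUT -m limit --limit 6/min -j LOG --log-prefix 'blaster-out: '"
    echo "iptables -A BLASTER_OUT -j DROP"
    for p in $TCP_PORTS; do
        echo "iptables -I FORWARD -i $LAN_IF -p tcp --dport $p -j BLASTER_OUT"
    done
    for p in $UDP_PORTS; do
        echo "iptables -I FORWARD -i $LAN_IF -p udp --dport $p -j BLASTER_OUT"
    done
}

# Turn a port list into pcap filter terms (pcap writes ranges with '-').
port_terms() {
    terms=""
    for p in $1; do
        case $p in
            *:*) t="dst portrange $(echo "$p" | tr ':' '-')" ;;
            *)   t="dst port $p" ;;
        esac
        terms="${terms:+$terms or }$t"
    done
    echo "$terms"
}

# Build the tcpdump filter from the same lists so monitoring matches the rules.
blaster_filter() {
    echo "(tcp and ($(port_terms "$TCP_PORTS"))) or (udp and ($(port_terms "$UDP_PORTS")))"
}

# Dry run: show the rules and the monitoring command for review.
blaster_rules
echo "tcpdump -n -i $LAN_IF '$(blaster_filter)'"
```

Review the printed commands before running them as root; running tcpdump first, without the rules, shows which internal hosts are already sending to these ports.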