I have it set to:
ipfwadm -I -a deny -P udp -S 0.0.0.0/0 -D 0.0.0.0/0 31337
and 
ipfwadm -O -a deny -P udp -S 0.0.0.0/0 -D 0.0.0.0/0 31337
but this isn't foolproof because the port is user defined; 31337 is just
the default.
On Wed, 17 Feb 1999, William Stearns wrote:

> 
> Good day, Dejan,
> 
> On Wed, 17 Feb 1999, Dejan Rackov wrote:
> 
> >     Does anyone know how to protect the masq LAN clients (m$
> > Min) against Back Orifice attacks, and how to block masq
> > clients from attacking someone else on the Internet?
> 
>       To prevent attacks in both directions, use:
> /sbin/ipfwadm -I -i deny -D 0/0 31337 -P udp
>       To also prevent netbus (another NT trojan) attacks, use
> /sbin/ipfwadm -I -i deny -D 0/0 12345 -P tcp
> /sbin/ipfwadm -I -i deny -D 0/0 12346 -P tcp
> 
>       For ipchains firewalls, use:
> /sbin/ipchains -I input -d 0/0 31337 -p udp -j DENY
> /sbin/ipchains -I input -d 0/0 12345 -p tcp -j DENY
> /sbin/ipchains -I input -d 0/0 12346 -p tcp -j DENY
> 
>       There may be syntax errors in the ipfwadm command - I don't have
> access to an ipfwadm machine right now.  This also assumes that they use
> the standard ports for those attacks.
>       Cheers,
>       - Bill
> 
> ---------------------------------------------------------------------------
> Unix _is_ user friendly.  It's just very selective about who its friends 
> are.  And sometimes even best friends have fights.
> William Stearns ([EMAIL PROTECTED])
> Mason, Buildkernel, and named2hosts are at: http://www.pobox.com/~wstearns
> ---------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> Masq maillist  -  [EMAIL PROTECTED]
> http://tiffany.indyramp.com/mailman/listinfo/masq
> Admin requests can be handled by web (above) or [EMAIL PROTECTED]
> 


