thanks a lot!
 

fooler <[EMAIL PROTECTED]> wrote:
----- Original Message -----
From: "Samuel Philip Gilera Hayag" <[EMAIL PROTECTED]>
To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, February 12, 2004 3:46 PM
Subject: Re: [plug] blocking dcc for mirc question...



> hey dude, use iptables to block outgoing connections to dcc ports, i
> think it's 1024 - 5000

don't do that... you are going to block legitimate traffic in your
network...

dcc uses direct tcp connection between the two chatters... the initiator
uses INADDR_ANY and port 0 to connect to the other side... which means.. it
will use tcp protocol and bind it to ip address 0.0.0.0 and listen to the
next available ephemeral port in your system.... therefore you cannot
easily block dcc connection thru ip address and port number...

there are two kinds of dcc connection.... dcc chat and dcc send.... in order
to block it... you need a firewall that can inspect a tcp packet and look
for the string "dcc chat" or "dcc send" and block it...

you can use snort intrusion detection system and put it on your gateway in
order to detect and block it...

since you are planning to block only dcc file transfer and not dcc chat...
here is a sample of snort signature to detect dcc file transfer...

http://www.snort.org/snort-db/sid.html?sid=1639

fooler.


--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
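
Added example, not part of the original thread and not the Snort rule linked above: a small Python classifier for the payload inspection described in the reply, which flags DCC SEND offers and lets DCC CHAT through. It assumes the usual CTCP layout (PRIVMSG target :\x01DCC SEND file ip-as-integer port [size]\x01); the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# CTCP DCC offer carried inside an IRC PRIVMSG (assumed layout):
#   PRIVMSG <target> :\x01DCC <SEND|CHAT> <argument> <ip-as-integer> <port> [size]\x01
DCC_RE = re.compile(
    rb'^(?::\S+\s+)?PRIVMSG\s+(\S+)\s+:\x01DCC\s+(SEND|CHAT)\s+'
    rb'("[^"]*"|\S+)\s+(\d+)\s+(\d+)(?:\s+(\d+))?\s*\x01',
    re.IGNORECASE,
)

def parse_dcc(line: bytes):
    """Return a dict describing the DCC offer in one IRC line, or None."""
    m = DCC_RE.match(line.strip(b"\r\n"))
    if not m:
        return None
    target, kind, arg, ip_int, port, size = m.groups()
    if int(ip_int) > 0xFFFFFFFF or int(port) > 65535:
        return None  # malformed offer, not a usable address/port
    return {
        "target": target.decode(errors="replace"),
        "kind": kind.decode().upper(),
        "argument": arg.decode(errors="replace").strip('"'),
        # The listening address and ephemeral port travel in the payload,
        # which is why a fixed port range cannot single out DCC.
        "peer": str(ipaddress.IPv4Address(int(ip_int))),
        "port": int(port),
        "size": int(size) if size else None,
    }

def should_block(line: bytes) -> bool:
    """Policy from the thread: block DCC file transfer, allow DCC chat."""
    offer = parse_dcc(line)
    return offer is not None and offer["kind"] == "SEND"

# Constructed sample lines (not captured traffic).
SAMPLES = [
    b"PRIVMSG bob :\x01DCC SEND notes.txt 3232235777 1042 2048\x01\r\n",
    b"PRIVMSG bob :\x01DCC CHAT chat 3232235777 4999\x01\r\n",
    # Ordinary chat that mentions the words; a bare substring match would flag it.
    b"PRIVMSG #plug :anyone know how to block dcc send?\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(should_block(s), parse_dcc(s))
```
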

