Re: Blocking an arbitrary port with ipfwadm
Damon Muller [EMAIL PROTECTED] writes: What I want to do is use ipfwadm to block a single port - namely 31337 (UDP). For anyone who has had their head in the sand for the last few months, that's the port that Back Orrifice listens on by default. ipfwadm -I -a reject -P udp -D 192.168.20.0/24 31337 -o That's: -I = check incoming packets. -a reject = Let the sender know we're rejecting them. You can use -a deny instead to drop them silently. -P udp = UDP packets only. -D 192.168.20.0/24 31337 = destination anywhere on your network (fix this) on port 31337. Maybe 0.0.0.0/0 31337 to stop *your* users connecting to another BO server. -o = Log the address of the offender, so you can complain to their ISP. This will also drop some legitimate UDP comms, if something happens to grab port 31337 itself. I could live with this. -- Carey Evans http://home.clear.net.nz/pages/c.evans/ Is there anyone who actually believes that USAicans are so modest or intellectually honest as to be unable to find someone to sue? - Cameron Laird
Blocking an arbitrary port with ipfwadm
Hi Folks, Not sure if this has been covered before, and it isn't 100% debian-specific, but I thought some ipfwadm guru out there might be able to help a poor clueless idiot such as myself. What I want to do is use ipfwadm to block a single port - namely 31337 (UDP). For anyone who has had their head in the sand for the last few months, that's the port that Back Orrifice listens on by default. This isn't meant to be a full-on firewall at the moment, but I'd specifically like to block that port so someone doesn't hijack the Windoze machines of some of our more clueless ppp users. Any pointers would be very helpful (please don't just say RTFM - I did, but it didn't make too much sense to me). Thanks, damon -- Damon Muller | Did a large procession wave their torches ([EMAIL PROTECTED]) | As my head fell in the basket, Network Administrator | And was everyone dancing on the casket... EmpireNET | - TBMG, Dead