> Very simple script to insert a firewall rule for every matching IP:
>
> # (run in a loop)
> tcpdump -nlpi ppp0 port 123 and dst host 1.2.3.4 -c 100 > queue
> for x in `grep "client, strat 0, poll 0, prec 0" queue | awk '{print $3}' | c
> ut -d '.' -f 1-4`; do
> grep $x banned &>/dev/null || (echo $x | tee -a banned; iptables -I
> INPUT -s $x -j NTP)
> done
Maybe I'm missing something, but what's the point of doing this? Do we
know the virus stops polling, or changes its behaviour in any way when
faced with such a block?
Cheers,
- Joel
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
