[Dshield] Is it possible to block http requests FROM particular ports?

security@admin.fulgan.com security at admin.fulgan.com
Wed Aug 8 13:07:10 GMT 2001

R> I see all the requests by the CodeRed worm come from many various
R> ports - is it possible to block requests from specific ports ?

No. As with most Internet protocols, the client will pickup the first
available local port above a certain number (don't remember the exact
number, but it's in the RFC) for it's client-side port. Therefore, you
can't block requests based on the source port because you have no way
of knowing wether it's a legitimate connection or not.

Good luck,

More information about the list mailing list