[Dshield] Egress filtering

Johannes Ullrich jullrich at euclidian.com
Sun Mar 9 15:17:09 GMT 2003

do not forget port 445... see the "worm/virus of the day" exploiting
it. 445 has been popular for a while but it looks like someone
wrapped it into a worm.

On Sat, 8 Mar 2003 11:30:17 -0600
"Rick Leske" <rick at jaray.net> wrote:

> If you are limited to only a few filters IMHO I'd start with
> blocking ports 53, 113, 135-139.
> For a gnu/free solution that's not too hard to implement check out:
> http://www.famhost.com/support/pktfiltrer.zip and navigate 
> to this link: http://www.interhack.net/pubs/fwfaq/ for good info.

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

More information about the list mailing list