[Dshield] of linksys egress filtering and potential new Dshield client
hostmaster at denverdata.com
Thu Oct 23 22:33:48 GMT 2003
I'm a humble newbie to Dshield and this list and it's sad it's taken me
this long to find such a great resource.
We currently use a Linksys BEFSR81 router and I've culled the list
archives for issues regarding this little device. A topic on egress
filtering from earlier this year got my interest and I thought I'd share
that you can accomplish a _little_ filtering of common trojans by
setting up port filters on outbound traffic.
I've also taken a look at setting up static routes to squash outbound
spoofed addresses, but alas, the little linky only allows rules based on
the destination address, not the source. I've contacted support about
either adding the source address to static routing rules or -- in the
spirit of a simple SOHO device -- a simple check box that would squash
such traffic. We'll see...
As for the potential of a new client, I've long used snmptrapd to log
traps from the Linksys. So, I hacked the Linksys dshield client to parse
the trap log records for submission to dshield. I've submitted about 30
days of logs over the last week with no rejected lines.
If you're interested in the client I'll turn it over to Johannes et al.