[Dshield] of linksys egress filtering and potential new Dshield client

Doug Douglass hostmaster at denverdata.com
Thu Oct 23 22:33:48 GMT 2003


I'm a humble newbie to Dshield and this list and it's sad it's taken me
this long to find such a great resource.

We currently use a Linksys BEFSR81 router and I've culled the list
archives for issues regarding this little device. A topic on egress 
filtering from earlier this year got my interest and I thought I'd share 
that you can accomplish a _little_ filtering of common trojans by 
setting up port filters on outbound traffic.

I've also taken a look at setting up static routes to squash outbound 
spoofed addresses, but alas, the little linky only allows rules based on 
the destination address, not the source. I've contacted support about 
either adding the source address to static routing rules or -- in the 
spirit of a simple SOHO device -- a simple check box that would squash 
such traffic. We'll see...

As for the potential of a new client, I've long used snmptrapd to log 
traps from the Linksys. So, I hacked the linksys dshield client to parse 
the trap log records for submission to dshield. I've submitted about 30 
days of logs over the last week with no rejected lines.

If you're interested in the client I'll turn it over to Johannes et al.

Cheers,
Doug



