bugtraq worm
Mike Distefano
mdistefano at mjtek.com
Tue Sep 17 13:00:26 CDT 2002
I was hit with the bugtraq worm last Friday on a development system that had
an old version of Apache. I have since stopped apache and used iptables to
drop all packets coming in from my exposed lan card (eth1), so I only have
local lan access to the system (eth0).
I've been trying to configure iptables to allow DNS traffic in and out of
eth1 but have had no success. I've configured to allow source/dest packets
from port 53 and but still cannot use DNS services. I'm on RH 7.2.
Here is an output of iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all --- anywhere anywhere
ACCEPT udp --- anywhere anywhere udp
dpt:domain
ACCEPT udp --- anywhere anywhere udp
spt:domain
I've also configured in addition with whats listed domain with tcp packets
and the nameserver port 42 with udp and tcp packets.
Any ideas?
Thanks,
Mike Distefano, MJ Technologies, Inc.
Ofc: 913-599-5526
Fax: 913-599-5528
mdistefano at mjtek.com
More information about the Kclug
mailing list