bugtraq worm

Mike Distefano mdistefano at mjtek.com
Thu Sep 19 13:04:03 CDT 2002


Thanks to everyone who responded and helped me resolve my issue.  The
resolution was to change the default policy to drop and then add the accept
rules.

Of course other issues arose and I was able to resolve them with a little
probing.  I found a pretty good resource for a Workstation IP tables setup
for RH 7.x at http://www.liniac.upenn.edu/sysadmin/iptables.html.

Thanks for all the help I received from the list.

Mike Distefano, MJ Technologies, Inc.
Ofc:    913-599-5526
Fax:    913-599-5528
Mobile: 913-568-4910
mdistefano at mjtek.com

>-----Original Message-----
>From: Andrew Bates [mailto:andrewb at litecode.net]
>Sent: Tuesday, September 17, 2002 1:04 PM
>To: mdistefano at mjtek.com
>Subject: Re: bugtraq worm
>
>
>move your 1st filter to the bottom... it's dropping everything even
>before it gets a chance to be checked by the other two filters.
>
>- andrew
>
>PS or you could get RID of the first chain and do iptables -P INPUT DROP
>
>Mike Distefano wrote:
>
>>I was hit with the bugtraq worm last Friday on a development system that had
>>an old version of Apache.  I have since stopped Apache and used iptables to
>>drop all packets coming in from my exposed lan card (eth1), so I only have
>>local lan access to the system (eth0).
>>
>>I've been trying to configure iptables to allow DNS traffic in and out of
>>eth1 but have had no success.  I've configured to allow source/dest packets
>>from port 53 but still cannot use DNS services.  I'm on RH 7.2.
>>
>>Here is an output of iptables -L:
>>
>>Chain INPUT (policy ACCEPT)
>>target     prot opt source               destination
>>DROP       all  --- anywhere             anywhere
>>ACCEPT     udp  --- anywhere             anywhere           udp dpt:domain
>>ACCEPT     udp  --- anywhere             anywhere           udp spt:domain
>>
>>I've also configured, in addition to what's listed, domain with tcp packets
>>and the nameserver port 42 with udp and tcp packets.
>>
>>Any ideas?
>>
>>Thanks,
>>
>>
>>Mike Distefano, MJ Technologies, Inc.
>>Ofc:    913-599-5526
>>Fax:    913-599-5528
>>mdistefano at mjtek.com
>>
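
The rule-ordering problem discussed in this thread, as an added example that is not part of the original messages: a small Python model of first-match chain evaluation, comparing the INPUT chain as posted with the two fixes suggested in the reply. The `Rule` class, the function names and the sample packets are assumptions made for illustration, and interface matching (eth0/eth1) is left out because the `iptables -L` listing does not show it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None = match any, like "all"/"anywhere"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        fields = (("proto", self.proto), ("sport", self.sport), ("dport", self.dport))
        return all(want is None or pkt[key] == want for key, want in fields)

def verdict(rules, policy, pkt):
    """Walk the chain top to bottom; the first matching rule decides.
    The chain policy is consulted only when no rule matched."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule matches everything."""
    for i, rule in enumerate(rules):
        if (rule.proto, rule.sport, rule.dport) == (None, None, None):
            return list(range(i + 1, len(rules)))
    return []

DNS_IN = Rule("ACCEPT", "udp", dport=53)     # udp dpt:domain
DNS_REPLY = Rule("ACCEPT", "udp", sport=53)  # udp spt:domain

# Chain as listed in the original post: catch-all DROP first, policy ACCEPT.
AS_POSTED = ([Rule("DROP"), DNS_IN, DNS_REPLY], "ACCEPT")
# Suggestion 1 from the reply: move the catch-all DROP to the bottom.
DROP_LAST = ([DNS_IN, DNS_REPLY, Rule("DROP")], "ACCEPT")
# Suggestion 2 / final resolution: no catch-all rule, default policy DROP.
POLICY_DROP = ([DNS_IN, DNS_REPLY], "DROP")

# Constructed sample packets (ports other than 53 are arbitrary).
REPLY_PKT = {"proto": "udp", "sport": 53, "dport": 33000}  # resolver answer
WEB_PKT = {"proto": "tcp", "sport": 40000, "dport": 80}    # unsolicited HTTP

if __name__ == "__main__":
    chains = [("as posted", AS_POSTED), ("drop last", DROP_LAST), ("policy drop", POLICY_DROP)]
    for name, (rules, policy) in chains:
        print(name, verdict(rules, policy, REPLY_PKT),
              verdict(rules, policy, WEB_PKT), shadowed(rules))
```

The `spt:domain` rule matches on source port alone, so it accepts any UDP packet that claims source port 53; a stateful rule (`-m state --state ESTABLISHED,RELATED`) is the tighter way to admit DNS replies.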




More information about the Kclug mailing list