MUM 2010
It is currently Tue Feb 09, 2010 5:11 am

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: how to stop viruses !!
PostPosted: Mon Oct 16, 2006 7:41 pm 
Offline
Member Candidate
Member Candidate

Joined: Fri Sep 16, 2005 4:21 am
Posts: 109
Location: Nicaragua
Hello,
How can I make my MT stop viruses from coming into my network? There are some hardware that do this but are very expensive. Can MT do this? Check and stop viruses?

thanks


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 17, 2006 2:40 am 
Offline
Member Candidate
Member Candidate
User avatar

Joined: Sat May 29, 2004 12:49 am
Posts: 197
Location: Paso de los Libres, Corrientes, Argentina
Hi, i created these 2 simple rules for firewall forward and this work very fine...... do not say it to anybody ;) :D

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the STMP outgoing for 1 day ;)

Regards!
Alessio

_________________
Alessio Garavano
http://www.isparg.com.ar


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 17, 2006 12:55 pm 
Offline
Staff
Staff
User avatar

Joined: Tue Feb 14, 2006 10:46 am
Posts: 2144
Location: Riga, Latvia
you can drop common ports, that are used bu viruses.
you have to chekc new connections only.

and you can never be sure - if one of your customers is infected?

only thing that can be done - educate your users.


Top
 Profile  
 
 Post subject: Re: how to stop viruses !!
PostPosted: Sat Dec 15, 2007 2:19 am 
Offline
Member Candidate
Member Candidate
User avatar

Joined: Mon Sep 12, 2005 12:26 am
Posts: 254
Location: Serbia
Do you get "innocent" users to your black list? I know some of my users and I know their computers are clean of viruses, but some of the still get on the black list sometimes. Is it just a aggresive mail clients or what? Is it maybe possible to tweak these parameters better? I mean number of connections and packets per socond.


Top
 Profile  
 
 Post subject: Re:
PostPosted: Tue Mar 18, 2008 1:05 pm 
Offline
Member Candidate
Member Candidate

Joined: Thu May 17, 2007 4:25 pm
Posts: 165
Alessio Garavano wrote:
Hi, i created these 2 simple rules for firewall forward and this work very fine...... do not say it to anybody ;) :D

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the STMP outgoing for 1 day ;)

Regards!
Alessio



this rule work very well?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: 0ldman, MSNbot Media, netrat, wa4zlw and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
MUM Poland and MUM China free REGISTRATION OPEN