virus port list for 2.9.8

hmekolli · Sun Dec 04, 2005 3:29 am

I upgrade MT from 2.8.27 and now need if somebody have virus port list for vr. 2.9.8 . Now in firevall filter rules dont have nothing.

proxy · Sun Dec 04, 2005 11:48 pm

here:

add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm" \
    disabled=no 
add dst-address=:135-139 protocol=udp action=drop comment="Drop Messenger Worm" \
    disabled=no 
add dst-address=:445 protocol=tcp action=drop comment="Drop Blaster Worm" \
    disabled=no 
add dst-address=:445 protocol=udp action=drop comment="Drop Blaster Worm" \
    disabled=no 
add dst-address=:593 protocol=tcp action=drop comment="_______" disabled=no 
add dst-address=:1024-1030 protocol=tcp action=drop comment="_______" \
    disabled=no 
add dst-address=:1080 protocol=tcp action=drop comment="Drop MyDoom" \
    disabled=no 
add dst-address=:1214 protocol=tcp action=drop comment="_______" disabled=no 
add dst-address=:1363 protocol=tcp action=drop comment="ndm requester" \
    disabled=no 
add dst-address=:1364 protocol=tcp action=drop comment="ndr server" disabled=no 
add dst-address=:1368 protocol=tcp action=drop comment="screen cast" \
    disabled=no 
add dst-address=:1373 protocol=tcp action=drop comment="hromgrafx" disabled=no 
add dst-address=:1377 protocol=tcp action=drop comment="cichlid" disabled=no 
add dst-address=:1433-1434 protocol=tcp action=drop comment="Worm" disabled=no 
add dst-address=:2745 protocol=tcp action=drop comment="Bagle Virus" \
    disabled=no 
add dst-address=:2283 protocol=tcp action=drop comment="Drop Dumaru.Y" \
    disabled=no 
add dst-address=:2535 protocol=tcp action=drop comment="Drop Beagle" \
    disabled=no 
add dst-address=:2745 protocol=tcp action=drop comment="Drop Beagle.C-K" \
    disabled=no 
add dst-address=:3127-3128 protocol=tcp action=drop comment="Drop MyDoom" \
    disabled=no 
add dst-address=:3410 protocol=tcp action=drop comment="Drop Backdoor OptixPro" \
    disabled=no 
add dst-address=:4444 protocol=tcp action=drop comment="Worm" disabled=no 
add dst-address=:4444 protocol=udp action=drop comment="Worm" disabled=no 
add dst-address=:5554 protocol=tcp action=drop comment="Drop Sasser" \
    disabled=no 
add dst-address=:8866 protocol=tcp action=drop comment="Drop Beagle.B" \
    disabled=no 
add dst-address=:9898 protocol=tcp action=drop comment="Drop Dabber.A-B" \
    disabled=no 
add dst-address=:10000 protocol=tcp action=drop comment="Drop Dumaru.Y" \
    disabled=no 
add dst-address=:10080 protocol=tcp action=drop comment="Drop MyDoom.B" \
    disabled=no 
add dst-address=:12345 protocol=tcp action=drop comment="Drop NetBus" \
    disabled=no 
add dst-address=:17300 protocol=tcp action=drop comment="Drop Kuang2" \
    disabled=no 
add dst-address=:27374 protocol=tcp action=drop comment="Drop SubSeven" \
    disabled=no 
add dst-address=:65506 protocol=tcp action=drop comment="Drop PhatBot, Agobot, \
    Gaobot" disabled=no

samsoft08 · Mon Dec 05, 2005 1:30 am

i tried to post these lines in
ip firewall >
but
no such command or directory (dst-address)

fatonk · Mon Dec 05, 2005 12:28 pm

Try it on IP FIREWALL FILTER

Regards.

hmekolli · Mon Dec 05, 2005 12:55 pm

I put in /ip firevall filter but,
ip firewall filter> add dst-address=:135-139 protocol=tcp action=drop comment="Drop Blaster Worm" \
\... disabled=no
value of range must have ip address before '-'

Mon Dec 05, 2005 1:03 pm

why don't you try `dst-port` instead of `dst-address`? maybe start by trying to understand what the error messages are telling you

fatonk · Mon Dec 05, 2005 1:33 pm

you sholud specify dst-address=x.x.x.x/x dst-port=xxx and at the end chain=forward or input or output.

evert · Mon Dec 05, 2005 11:21 pm

Why drop TCP/2745 twice?

nowoxi · Thu Dec 08, 2005 2:11 am

yeah the problem is the chain u didnt specify it

virus port list for 2.9.8

virus port list for 2.9.8

Who is online