NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Blocking SMTP Worm

from [R. DuFresne] [Permanent Link][Original]
To: Juan Carlos Peláez Mendoza <jcpelaez@gmail.com>
Subject: Re: Blocking SMTP Worm
From: "R. DuFresne" <dufresne@sysinfo.com>
Date: Tue, 31 Oct 2006 19:54:11 +0000 (UTC)
Cc: netfilter@lists.netfilter.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <19fb1ac90610240654x44bdd20em7e04b21469739a10@mail.gmail.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization: sysinfo.com
References: <19fb1ac90610240653x69cc1951g9766d7c809ddecef@mail.gmail.com> <19fb1ac90610240654x44bdd20em7e04b21469739a10@mail.gmail.com>
Sender: netfilter-bounces@lists.netfilter.org 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 24 Oct 2006, Juan Carlos Peláez Mendoza wrote:


Hi list,

My IP Address have been listed in the RBL's too many times, I
installed into my linux box MailScanner + Spamassassin + Clamavmodule
+ FProt, I set up the iptables rules allowing only smtp, pop and ssh
traffic, but when I see the traffic with tcpdump I see this strange
behavior:


                [SNIP]


What can I do to stop and block this worm???
Wipe out the OS on 192.168.0.92, reinstall from scratch and apply all patches and updates prior to exposing to the internet. that should clear up the sapm worm. 

Thanks,


Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFR6nnst+vzJSwZikRAnNPAJ9F4HQkzAQjkKSaNVr6+uNg4FE44ACfSsDf
CrGJLJ9MZPZbV1wJu76Faos=
=4IZ+
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Blocking SMTP Worm, R. DuFresne <=
Previous by Date:  Re: Does anyone have the tool which could be used for protocol transmission?, G.W. Haywood
Next by Date:  Re: iptables: Unknown error 4294967295, Alan Ezust
Previous by Thread:  Re: Does anyone have the tool which could be used for protocol transmission?, G.W. Haywood
Next by Thread:  Re: iptables: Unknown error 4294967295, Alan Ezust
Indexes:  [Date] [Thread] [Top] [All Lists]