blocking cmd.exe requests


Subject: blocking cmd.exe requests
From: Chris Hamilton (chris@digitalalaska.com)
Date: Wed Apr 10 2002 - 18:38:19 AKDT


Thanks for all the suggestions.

What I did to fix my problem was to go and get a couple of scripts, which you
can find here: http://tb.tf/nimda-block/

They create a file called fwclean in the "/tmp" directory that is filled
with "/sbin/ipchains -I input -s 24.167.36.xxx -j DENY -l" commands for all
the offending IPs. It does all this on the web server though. I really
wanted to block it all at the firewall. So I kinda fixed it in a herky-jerky way.
I ran the scripts above which output the fwclean file. I then scp'd that
file over to the firewall and ran it on that machine. Worked great. I'll
probably have to do this periodically to keep newly infected servers from
getting past the firewall. But it works for me.

Now I'm trying to figure out an easy way to automate this. Does anyone have
any suggestions? I'm running IPCop for the firewall. It doesn't have ftp
available, or smbfs. I couldn't figure out how to get scp to work without
asking for a password.

Thanks

Chris.
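
An added example, not part of the original post and not the scripts linked in it: one way to build a file like fwclean from web server access-log lines, accepting a source address only if it is a strict dotted quad, since the output is later run on the firewall. It assumes Apache common log format with the client address in the first field; the function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate fwclean-style ipchains commands from access-log lines.
# Assumption: Apache common/combined log format, client address in field 1.

# Constructed sample log lines (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Apr/2002:18:01:02 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
192.0.2.10 - - [10/Apr/2002:18:01:03 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 275
198.51.100.7 - - [10/Apr/2002:18:02:10 -0800] "GET /index.html HTTP/1.1" 200 1043
203.0.113.55 - - [10/Apr/2002:18:03:44 -0800] "GET /d/winnt/system32/CMD.EXE?/c+dir HTTP/1.0" 404 281
host.example.net - - [10/Apr/2002:18:04:00 -0800] "GET /scripts/cmd.exe HTTP/1.0" 404 280
300.1.2.3 - - [10/Apr/2002:18:05:00 -0800] "GET /scripts/cmd.exe HTTP/1.0" 404 280
EOF
}

# gen_fwclean: read log lines on stdin, print one ipchains command per
# offending source address, in first-seen order and without duplicates.
# Field 1 can be a hostname (HostnameLookups) or malformed, so anything that
# is not four numeric octets in the range 0-255 is skipped rather than
# written into a file that will be executed as root.
gen_fwclean() {
    awk '
    tolower($0) ~ /cmd\.exe/ {
        ip = $1
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        n = split(ip, o, ".")
        ok = (n == 4)
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok && !(ip in seen)) {
            seen[ip] = 1
            print "/sbin/ipchains -I input -s " ip " -j DENY -l"
        }
    }'
}

# Stand-alone run: print the commands for the sample lines.
sample_log | gen_fwclean
```

Redirecting the output to a file gives something that can be reviewed before it is copied to the firewall and run there.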




This archive was generated by hypermail 2a23 : Wed Apr 10 2002 - 18:34:31 AKDT