
/ip firewall filter
add action=accept chain=forward comment="Accepting already new connections" connection-state=new disabled=no
add action=accept chain=forward comment="Accepting already established connections" connection-state=established disabled=no
add action=accept chain=forward comment="Also accepting related connections" connection-state=related disabled=no
add action=drop chain=forward comment="Dropping invalid connections at once" connection-state=invalid disabled=no
add action=jump chain=input comment="jump to the virus chain" disabled=no jump-target=virus
add action=drop chain=virus comment=DMSetup disabled=no dst-port=59 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="The Invasor" disabled=no dst-port=315 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment=GayOL disabled=no dst-port=692 protocol=tcp
add action=drop chain=virus comment="AIM Spy" disabled=no dst-port=777 protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=808 protocol=tcp
add action=drop chain=virus comment="Everyone\92s Darling" disabled=no dst-port=815 protocol=tcp
add action=drop chain=virus comment="Everyone\92s Darling" disabled=no dst-port=815 protocol=udp
add action=drop chain=virus comment=DeepThroat disabled=no dst-port=999 protocol=tcp
add action=drop chain=virus comment="Der Spaeher 3" disabled=no dst-port=1000 protocol=tcp
add action=drop chain=virus comment="Der Spaeher 3, Le Guardian, Silencer, WebEx" disabled=no dst-port=1001 protocol=tcp

add action=drop chain=virus comment="BackDoor 2.0x" disabled=no dst-port=1003 protocol=tcp
add action=drop chain=virus comment="Doly Trojan 1.3 + 1.35, CafeIni 0.9" disabled=no dst-port=1010-1100 protocol=tcp
add action=drop chain=virus comment="Doly Trojan 1.1/1.2 " disabled=no dst-port=1011 protocol=tcp
add action=drop chain=virus comment="Doly Trojan 1.5" disabled=no dst-port=1012 protocol=tcp
add action=drop chain=virus comment="Doly Trojan 1.6" disabled=no dst-port=1015 protocol=tcp
add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=1016 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1029 protocol=tcp
add action=drop chain=virus comment="MyDoom.B, MyDoom.F, MyDoom.G, MyDoom.H" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment="BFevolution, Rat" disabled=no dst-port=1099 protocol=tcp
add action=drop chain=virus comment=MTX disabled=no dst-port=1137 protocol=tcp
add action=drop chain=virus comment="Psyber Stream Server, Streaming Audio Trojan, Voice" disabled=no dst-port=1170 protocol=tcp
add action=drop chain=virus comment=SoftWAR disabled=no dst-port=1207 protocol=tcp

add action=drop chain=virus comment="Infector 1.3 + 1.4.1" disabled=no dst-port=1208 protocol=tcp
add action=drop chain=virus comment="Millenium Worm" disabled=no dst-port=1338 protocol=tcp
add action=drop chain=virus comment=RemoteStorm disabled=no dst-port=1441 protocol=tcp
add action=drop chain=virus comment="FTP99CMP, Back.Orifice.FTP" disabled=no dst-port=1492 protocol=tcp
add action=drop chain=virus comment="Psyber Streaming Server" disabled=no dst-port=1509 protocol=tcp
add action=drop chain=virus comment="Trin00 (DDoS)" disabled=no dst-port=1524 protocol=tcp
add action=drop chain=virus comment=Shivka-Burka disabled=no dst-port=1600 protocol=tcp
add action=drop chain=virus comment=Rux.Tick disabled=no dst-port=1700 protocol=tcp

add action=drop chain=virus comment=Scarab disabled=no dst-port=1777 protocol=tcp
add action=drop chain=virus comment="Snid X2" disabled=no dst-port=1784 protocol=tcp
add action=drop chain=virus comment=SpySender disabled=no dst-port=1807 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Fake FTP" disabled=no dst-port=1966 protocol=tcp
add action=drop chain=virus comment="OpC BO" disabled=no dst-port=1969 protocol=tcp
add action=drop chain=virus comment=Shockrave disabled=no dst-port=1981 protocol=tcp
add action=drop chain=virus comment="Der Spaeher 3, TransScout, Trojan Cow" disabled=no dst-port=2001 protocol=tcp
add action=drop chain=virus comment=TransScout disabled=no dst-port=2002-2005 protocol=tcp
add action=drop chain=virus comment="HackCity Ripper Pro" disabled=no dst-port=2023 protocol=tcp
add action=drop chain=virus comment=Bugs disabled=no dst-port=2115 protocol=tcp
add action=drop chain=virus comment=Rux.PSW disabled=no dst-port=2255 protocol=tcp
add action=drop chain=virus comment="HLV Rat 5, Rat" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment=Striker disabled=no dst-port=2565 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment="Teror Trojan" disabled=no dst-port=3456 protocol=tcp
add action=drop chain=virus comment="Eclipse 2000, Sanctuary" disabled=no dst-port=3459 protocol=tcp
add action=drop chain=virus comment="Snid X2" disabled=no dst-port=3586 protocol=tcp
add action=drop chain=virus comment="Portal of Doom (PoD), al of Doom" disabled=no dst-port=3700 protocol=tcp
add action=drop chain=virus comment="Total Eclipse (FTP)" disabled=no dst-port=3791 protocol=tcp
add action=drop chain=virus comment="Total Eclipse" disabled=no dst-port=3801 protocol=udp
add action=drop chain=virus comment=WinCrash disabled=no dst-port=4092 protocol=tcp
add action=drop chain=virus comment="Virtual hacking Machine" disabled=no dst-port=4242 protocol=tcp
add action=drop chain=virus comment=Rux.Backdoor disabled=no dst-port=4245 protocol=tcp
add action=drop chain=virus comment="BoBo, Schoolbus 1.0" disabled=no dst-port=4321 protocol=tcp
add action=drop chain=virus comment="Prosiak, Swift remote" disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="File Nail" disabled=no dst-port=4567 protocol=tcp
add action=drop chain=virus comment=ICQTrojan disabled=no dst-port=4590 protocol=tcp
add action=drop chain=virus comment=Olfactor disabled=no dst-port=4711 protocol=udp
add action=drop chain=virus comment="ICQTrojan, Icq Trojan" disabled=no dst-port=4950 protocol=tcp
add action=drop chain=virus comment=OOTLT disabled=no dst-port=5011 protocol=tcp
add action=drop chain=virus comment="NetMetropolitan 1.0, NetMetropolitan 1.04" disabled=no dst-port=5031-5032 protocol=tcp

add action=drop chain=virus comment=Firehotcker disabled=no dst-port=5321 protocol=tcp
add action=drop chain=virus comment="Backage Trojan Box 3" disabled=no dst-port=5333 protocol=tcp
add action=drop chain=virus comment=WCrat disabled=no dst-port=5343 protocol=tcp
add action=drop chain=virus comment="Blade Runner, Back Construction" disabled=no dst-port=5400-5402 protocol=tcp
add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=5512,5521 protocol=tcp
add action=drop chain=virus comment="Xtcp 2" disabled=no dst-port=5550 protocol=tcp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment=ServeMe disabled=no dst-port=5555 protocol=tcp
add action=drop chain=virus comment="BO Facil, H0rtiga" disabled=no dst-port=5556 protocol=tcp
add action=drop chain=virus comment="BO Facil" disabled=no dst-port=5557 protocol=tcp
add action=drop chain=virus comment=RoboHack disabled=no dst-port=5569 protocol=tcp
add action=drop chain=virus comment="BackDoor 2.03" disabled=no dst-port=5598,5698 protocol=tcp
add action=drop chain=virus comment="PC Crasher" disabled=no dst-port=5637-5638 protocol=tcp
add action=drop chain=virus comment="WinCrash, WinCrash 3" disabled=no dst-port=5714,5741-5742 protocol=tcp
add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5881-5882 protocol=udp
add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5882 protocol=tcp
add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5888 protocol=udp
add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5888-5889 protocol=tcp
add action=drop chain=virus comment="The Thing, APStrojan" disabled=no dst-port=6000,6006,6400 protocol=tcp
add action=drop chain=virus comment="Devil 1.03" disabled=no dst-port=6500 protocol=tcp
add action=drop chain=virus comment=TCPshell.c disabled=no dst-port=6666 protocol=tcp
add action=drop chain=virus comment="Host Control, Vampyre 1.0" disabled=no dst-port=6669 protocol=tcp
add action=drop chain=virus comment="DeepThroat, BackWeb Server, WinNuke eXtreame" disabled=no dst-port=6670 protocol=tcp
add action=drop chain=virus comment="BackDoor-G, SubSeven, Sub7,Funny Trojan(*)" disabled=no dst-port=6711-6713 protocol=tcp
add action=drop chain=virus comment=Mstream disabled=no dst-port=6723 protocol=tcp
add action=drop chain=virus comment="NT Remote Control" disabled=no dst-port=6767 protocol=tcp
add action=drop chain=virus comment=DeepThroat disabled=no dst-port=6771 protocol=tcp
add action=drop chain=virus comment="2000 Cracks, BackDoor-G, SubSeven, Sub7(*)" disabled=no dst-port=6776 protocol=tcp
add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=6789 protocol=tcp
add action=drop chain=virus comment=Mstream disabled=no dst-port=6838 protocol=udp
add action=drop chain=virus comment=DeltaSource disabled=no dst-port=6883 protocol=tcp
add action=drop chain=virus comment="Shit Heep" disabled=no dst-port=6912 protocol=tcp
add action=drop chain=virus comment="Indoctrination, Gatecrasher.a" disabled=no dst-port=6939 protocol=tcp
add action=drop chain=virus comment="GateCrasher, IRC 3, NetController, Priority" disabled=no dst-port=6969 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=6969 protocol=udp
add action=drop chain=virus comment=Freak88 disabled=no dst-port=7001 protocol=tcp
add action=drop chain=virus comment=NetMonitor disabled=no dst-port=7201 protocol=tcp
add action=drop chain=virus comment="BackDoor-G, SubSeven, Sub7(*)" disabled=no dst-port=7215 protocol=tcp
add action=drop chain=virus comment=NetMonitor disabled=no dst-port=7300-7301,7306-7308 protocol=tcp
add action=drop chain=virus comment="Host Control" disabled=no dst-port=7424 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=7424 protocol=udp
add action=drop chain=virus comment=Qaz disabled=no dst-port=7597 protocol=tcp
add action=drop chain=virus comment="Snid X2" disabled=no dst-port=7609 protocol=tcp
add action=drop chain=virus comment="Back Door Setup, ICQKiller" disabled=no dst-port=7789 protocol=tcp

add action=drop chain=virus comment=Mstream disabled=no dst-port=7983 protocol=tcp
add action=drop chain=virus comment="Back Orifice 2000, BO2K(*)" disabled=no dst-port=8787 protocol=tcp
add action=drop chain=virus comment="HackOffice Armageddon" disabled=no dst-port=8897 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp

add action=drop chain=virus comment=Rcon disabled=no dst-port=8989 protocol=tcp
add action=drop chain=virus comment=Netministrator disabled=no dst-port=9000 protocol=tcp
add action=drop chain=virus comment=Mstream disabled=no dst-port=9325 protocol=udp
add action=drop chain=virus comment=InCommand disabled=no dst-port=9400 protocol=tcp
add action=drop chain=virus comment="Portal of Doom (PoD)" disabled=no dst-port=9872-9875 protocol=tcp
add action=drop chain=virus comment="Cyber Attacker, Rux.Backdoor" disabled=no dst-port=9876 protocol=tcp
add action=drop chain=virus comment=TransScout disabled=no dst-port=9878 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment=iNi-Killer disabled=no dst-port=9989 protocol=tcp
add action=drop chain=virus comment="The Prayer 1" disabled=no dst-port=9999 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Portal of Doom (PoD)" disabled=no dst-port=10067 protocol=udp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment=Syphillis disabled=no dst-port=10085-10086 protocol=tcp
add action=drop chain=virus comment=BrainSpy disabled=no dst-port=10101 protocol=tcp
add action=drop chain=virus comment="Portal of Doom (PoD)" disabled=no dst-port=10167 protocol=tcp

add action=drop chain=virus comment="Acid Shivers" disabled=no dst-port=10520 protocol=tcp
add action=drop chain=virus comment="Host Control" disabled=no dst-port=10528 protocol=tcp
add action=drop chain=virus comment=Coma disabled=no dst-port=10607 protocol=tcp
add action=drop chain=virus comment=Ambush disabled=no dst-port=10666 protocol=udp
add action=drop chain=virus comment="Senna Spy, Senna Spy Trojans" disabled=no dst-port=11000 protocol=tcp
add action=drop chain=virus comment="Host Control" disabled=no dst-port=11050-11051 protocol=tcp
add action=drop chain=virus comment="Progenic Trojan, Secret Agent" disabled=no dst-port=11223 protocol=tcp
add action=drop chain=virus comment="GJamer, MSH.104b" disabled=no dst-port=12076 protocol=tcp
add action=drop chain=virus comment="Hack99 KeyLogger" disabled=no dst-port=12223 protocol=tcp
add action=drop chain=virus comment="GabanBus, NetBus 1.x, NetBus 1.7(*), Pie Bill Gates, WhackJob, X-bill" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="GabanBus, NetBus 1.x, NetBus 1.7(*), X-bill" disabled=no dst-port=12346 protocol=tcp
add action=drop chain=virus comment=BioNet disabled=no dst-port=12349 protocol=tcp
add action=drop chain=virus comment=Whack-a-mole disabled=no dst-port=12361-12362 protocol=tcp
add action=drop chain=virus comment="DUN Control" disabled=no dst-port=12623 protocol=udp
add action=drop chain=virus comment=Buttman disabled=no dst-port=12624 protocol=tcp
add action=drop chain=virus comment="WhackJob, WhackJob.NB1.7" disabled=no dst-port=12631 protocol=tcp
add action=drop chain=virus comment="Eclipse 2000" disabled=no dst-port=12701 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=drop chain=virus comment=Mstream disabled=no dst-port=12754 protocol=tcp
add action=drop chain=virus comment="Senna Spy" disabled=no dst-port=13000 protocol=tcp
add action=drop chain=virus comment="Hacker Brazil" disabled=no dst-port=13010 protocol=tcp
add action=drop chain=virus comment="Kuang2 The Virus" disabled=no dst-port=13700 protocol=tcp
add action=drop chain=virus comment="PC Invader 0.7" disabled=no dst-port=14456 protocol=tcp
add action=drop chain=virus comment="PC Invader 0.7" disabled=no dst-port=14500-14503 protocol=tcp
add action=drop chain=virus comment="NetDaemon 1.0" disabled=no dst-port=15000 protocol=tcp
add action=drop chain=virus comment="Host Control" disabled=no dst-port=15092 protocol=tcp
add action=drop chain=virus comment=Mstream disabled=no dst-port=15104 protocol=tcp
add action=drop chain=virus comment=Mosucker disabled=no dst-port=16484 protocol=tcp
add action=drop chain=virus comment="Stackeldraht (DDoS)" disabled=no dst-port=16660 protocol=tcp
add action=drop chain=virus comment="ICQ Revenge" disabled=no dst-port=16772 protocol=tcp
add action=drop chain=virus comment=Priority disabled=no dst-port=16969 protocol=tcp
add action=drop chain=virus comment=Mosaic disabled=no dst-port=17166 protocol=tcp
add action=drop chain=virus comment="Kuang2 The Virus" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment=CrazyNet disabled=no dst-port=17490 protocol=tcp
add action=drop chain=virus comment=CrazyNet disabled=no dst-port=17500 protocol=tcp
add action=drop chain=virus comment="Infector 1.4.x + 1.6.x" disabled=no dst-port=17569 protocol=tcp
add action=drop chain=virus comment=Nephron disabled=no dst-port=17777 protocol=tcp
add action=drop chain=virus comment="ICQ Revenge" disabled=no dst-port=19864 protocol=tcp

add action=drop chain=virus comment="Millennium II" disabled=no dst-port=20000 protocol=tcp
add action=drop chain=virus comment="Millennium II" disabled=no dst-port=20001 protocol=tcp
add action=drop chain=virus comment=Acidkor disabled=no dst-port=20034 protocol=tcp
add action=drop chain=virus comment="Chupacabra, Logged!" disabled=no dst-port=20203 protocol=tcp
add action=drop chain=virus comment=Bla disabled=no dst-port=20331 protocol=tcp
add action=drop chain=virus comment="Shaft (DDoS)" disabled=no dst-port=20432 protocol=tcp
add action=drop chain=virus comment=GirlFriend disabled=no dst-port=21544 protocol=tcp
add action=drop chain=virus comment="GirlFriend, Schwindler, WinSp00fer, Kidterror" disabled=no dst-port=21544 protocol=tcp
add action=drop chain=virus comment=Prosiak disabled=no dst-port=22222 protocol=tcp
add action=drop chain=virus comment="Net Trash 1.0" disabled=no dst-port=23005 protocol=tcp
add action=drop chain=virus comment="Net Trash 1.0" disabled=no dst-port=23005 protocol=udp
add action=drop chain=virus comment=Logged disabled=no dst-port=23023 protocol=tcp
add action=drop chain=virus comment=Asylum disabled=no dst-port=23432 protocol=tcp
add action=drop chain=virus comment="Evil FTP, Ugly FTP, WhackJob" disabled=no dst-port=23456 protocol=tcp
add action=drop chain=virus comment="Evil FTP, Ugly FTP, WhackJob" disabled=no dst-port=23456 protocol=udp
add action=drop chain=virus comment="Donald Dick" disabled=no dst-port=23476 protocol=tcp
add action=drop chain=virus comment="Donald Dick" disabled=no dst-port=23476 protocol=udp
add action=drop chain=virus comment="Donald Dick" disabled=no dst-port=23477 protocol=tcp
add action=drop chain=virus comment="Delta Source" disabled=no dst-port=26274 protocol=udp
add action=drop chain=virus comment="Spy Voice" disabled=no dst-port=26681 protocol=tcp
add action=drop chain=virus comment="BackDoor-G, SubSeven, Sub7(*)" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Trin00 (DDoS)" disabled=no dst-port=27444 protocol=udp
add action=drop chain=virus comment="Trin00 (DDoS)" disabled=no dst-port=27665 protocol=tcp
add action=drop chain=virus comment="Hack'a'Track" disabled=no dst-port=28431-28432 protocol=udp
add action=drop chain=virus comment="Host Control" disabled=no dst-port=29104 protocol=tcp
add action=drop chain=virus comment="The Unexplained" disabled=no dst-port=29891 protocol=udp
add action=drop chain=virus comment=Terr0r32 disabled=no dst-port=30001 protocol=tcp
add action=drop chain=virus comment="AOL Trojan" disabled=no dst-port=30029 protocol=tcp
add action=drop chain=virus comment="NetSphere 1.27a, NetSphere 1.31" disabled=no dst-port=30100-30103 protocol=tcp
add action=drop chain=virus comment="NetSphere 1.27a, NetSphere 1.31" disabled=no dst-port=30103 protocol=udp
add action=drop chain=virus comment="NetSphere Final" disabled=no dst-port=30133 protocol=tcp
add action=drop chain=virus comment="Sockets de Troie, Socket 23" disabled=no dst-port=30303 protocol=tcp
add action=drop chain=virus comment=Intruse disabled=no dst-port=30947 protocol=tcp
add action=drop chain=virus comment=Kuang2 disabled=no dst-port=30999 protocol=tcp
add action=drop chain=virus comment="Trin00 (DDoS)" disabled=no dst-port=31335 protocol=udp
add action=drop chain=virus comment="BOWhack, ButtFunnel" disabled=no dst-port=31336 protocol=tcp
add action=drop chain=virus comment="BackFire, BaronNight, Back Orifice, BackOrificeLM.LEENTeck, BO Client..." disabled=no dst-port=31337-31338 protocol=tcp
add action=drop chain=virus comment="BackFire, BaronNight, Back Orifice, BackOrificeLM.LEENTeck, BO Client..." disabled=no dst-port=31337-31338 protocol=udp
add action=drop chain=virus comment="NetSpy DK" disabled=no dst-port=31339 protocol=tcp
add action=drop chain=virus comment=Schwindler disabled=no dst-port=31554 protocol=tcp
add action=drop chain=virus comment="BOWhack, BOWackmole" disabled=no dst-port=31666 protocol=tcp
add action=drop chain=virus comment="Hack'a'Tack" disabled=no dst-port=31778,31785,31787,31792 protocol=tcp
add action=drop chain=virus comment="Hack'a'Tack" disabled=no dst-port=31788-31791 protocol=udp
add action=drop chain=virus comment="Peanut Brittle, Project nEXT" disabled=no dst-port=32100 protocol=tcp
add action=drop chain=virus comment="Acid Battery" disabled=no dst-port=32418 protocol=tcp
add action=drop chain=virus comment="Blackharaz, Prosiak" disabled=no dst-port=33333 protocol=tcp
add action=drop chain=virus comment=PsychWard disabled=no dst-port=33577 protocol=tcp
add action=drop chain=virus comment=PsychWard disabled=no dst-port=33777 protocol=tcp
add action=drop chain=virus comment="Trojan Spirit 2001a" disabled=no dst-port=33911 protocol=tcp
add action=drop chain=virus comment="BigGlurck, TN, Tiny Telnet Server" disabled=no dst-port=34324 protocol=tcp
add action=drop chain=virus comment="Trin00 (Windows) (DDoS)" disabled=no dst-port=34555 protocol=udp
add action=drop chain=virus comment="Trin00 (Windows) (DDoS)" disabled=no dst-port=35555 protocol=udp
add action=drop chain=virus comment=YAT disabled=no dst-port=37651 protocol=tcp
add action=drop chain=virus comment="The Spy" disabled=no dst-port=40412 protocol=tcp
add action=drop chain=virus comment="Agent 40421, Masters Paradise" disabled=no dst-port=40421-40423 protocol=tcp
add action=drop chain=virus comment="Masters Paradise 1.x" disabled=no dst-port=40425-40426 protocol=tcp
add action=drop chain=virus comment="Remote Boot" disabled=no dst-port=41666 protocol=tcp
add action=drop chain=virus comment="Remote Boot" disabled=no dst-port=41666 protocol=udp
add action=drop chain=virus comment="Schoolbus 1.6/2.0" disabled=no dst-port=43210 protocol=tcp
add action=drop chain=virus comment=Prosiak disabled=no dst-port=44444 protocol=tcp
add action=drop chain=virus comment="Delta Source" disabled=no dst-port=47262 protocol=udp
add action=drop chain=virus comment="Online Keylogger" disabled=no dst-port=49301 protocol=tcp
add action=drop chain=virus comment="Sockets de Troie" disabled=no dst-port=50505 protocol=tcp
add action=drop chain=virus comment="Fore, Schwindler" disabled=no dst-port=50766 protocol=tcp
add action=drop chain=virus comment=CafeIni disabled=no dst-port=51996 protocol=tcp
add action=drop chain=virus comment="Remote Windows Shutdown" disabled=no dst-port=53001 protocol=tcp
add action=drop chain=virus comment="Acid Battery 2000" disabled=no dst-port=53217 protocol=tcp
add action=drop chain=virus comment="BackDoor-G, SubSeven, Sub7(*)" disabled=no dst-port=54283 protocol=tcp
add action=drop chain=virus comment="Back Orifice 2000, BO2K(*)" disabled=no dst-port=54320 protocol=udp
add action=drop chain=virus comment="Schoolbus .69-1.11 + 1.6 + 2.0, Back Orifice 2000" disabled=no dst-port=54321 protocol=tcp
add action=drop chain=virus comment="Schoolbus .69-1.11 + 1.6 + 2.0, Back Orifice 2000" disabled=no dst-port=54321 protocol=udp
add action=drop chain=virus comment=NetRaider disabled=no dst-port=57341 protocol=tcp
add action=drop chain=virus comment=ButtFunnel disabled=no dst-port=58339 protocol=tcp
add action=drop chain=virus comment="Deep Throat 2.0/3.0" disabled=no dst-port=60000 protocol=tcp
add action=drop chain=virus comment="Xzip 6000068" disabled=no dst-port=60068 protocol=tcp
add action=drop chain=virus comment=Connection disabled=no dst-port=60411 protocol=tcp
add action=drop chain=virus comment=Bunker-Hill disabled=no dst-port=61348 protocol=tcp
add action=drop chain=virus comment=Telecommando disabled=no dst-port=61466 protocol=tcp
add action=drop chain=virus comment=Bunker-Hill disabled=no dst-port=61603 protocol=tcp
add action=drop chain=virus comment=Bunker-Hill disabled=no dst-port=63485 protocol=tcp

add action=drop chain=virus comment="Devil Trojan 1.03, Stacheldraht (DDoS)" disabled=no dst-port=65000 protocol=tcp
add action=drop chain=virus comment="The Traitor" disabled=no dst-port=65432 protocol=tcp
add action=drop chain=virus comment="The Traitor" disabled=no dst-port=65432 protocol=udp
add action=drop chain=virus comment=RC disabled=no dst-port=65535 protocol=tcp
add action=drop chain=forward comment="Bloqueo de puerto 21,22,23" disabled=no dst-port=21,22,23 protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=30m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=2m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" disabled=no dst-port=21 protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage3
add action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage2
add action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage1
add action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=21 protocol=tcp
add action=drop chain=input comment="drop telnet brute forcers" disabled=no dst-port=23 protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=30m chain=input comment="" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=2m chain=input comment="" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=23 protocol=tcp
add action=jump chain=tcp-services comment="Anti-Spam policy" connection-mark=smtp disabled=no jump-target=smtp-first-drop
add action=add-src-to-address-list address-list=approved-smtp address-list-timeout=0s chain=smtp-first-drop comment="" disabled=no src-address-list=first-smtp
add action=add-src-to-address-list address-list=first-smtp address-list-timeout=0s chain=smtp-first-drop comment="" disabled=no
add action=return chain=smtp-first-drop comment="" disabled=no src-address-list=approved-smtp
add action=reject chain=smtp-first-drop comment="" disabled=no reject-with=icmp-network-unreachable
add action=drop chain=tcp-services comment="Restricting Services" connection-mark=other-tcp disabled=no
add action=drop chain=udp-services comment="" connection-mark=other-udp disabled=no
add action=drop chain=other-services comment="" connection-mark=other disabled=no
add action=drop chain=forward comment=Antiares disabled=no p2p=all-p2p
add action=drop chain=forward comment="Limitar el numero de conexiones TCP de cada cliente (32)" connection-limit=80,32 disabled=no protocol=tcp tcp-flags=syn
add action=drop chain=forward comment="Limitar Numero de conexiones UDP para cada cliente (32)" connection-state=new disabled=no dst-port=!53,67 limit=30,150 protocol=udp
add action=drop chain=forward comment="Limitar Numero de conexiones P2P para cada cliente (32)" connection-limit=10,32 connection-state=new disabled=no p2p=all-p2p protocol=tcp
