Date: Wed, 19 Sep 2001 20:50:36 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: <rshea@opendoor.co.nz>
Cc: <security@FreeBSD.ORG>
Subject: Re: NIMDA Virus
Message-ID: <20010919204433.A71511-100000@cactus.fi.uba.ar>
In-Reply-To: <3BA9C911.18530.49BAA5C@localhost>

On Thu, 20 Sep 2001 rshea@opendoor.co.nz wrote:

>
> I'd like to do this too. I use IPFW. Can anyone point me at a 'how-to' ? I
> thought IPFW rules could only be based on IP address or service type ?

This is a quick and dirty perl script I made. It is for IP Filter, but it
shouldn't be difficult to modify it to work with ipfw.

Hope this helps.

			Fer

------------------------------8< ----------------
#!/usr/bin/perl -w

# Follow the web server access log as it grows.
my $logfile="tail -f path_to_your_access_log |";
my $if="xl0"; #change to match your interface

open LOG, $logfile or die "can't open log pipe: $!";

while (<LOG>) {
	# $1 is the first field of the log line (the client address).
	if ($_=~/^([^\s]+).*GET.+winnt.+cmd\.exe/) {
		# Feed one block rule for that client to ipf on stdin.
		open FW, "| ipf -f -" or die "can't open pipe to ipf: $!";
		print FW "block return-rst in quick on $if proto tcp from $1 to any\n";
		close FW;
	}
}
------------------------------8< ----------------

>
> thanks
>
> richard shea.
>
>
>
> *****************************************************
> Open Door Ltd
> PO Box 119-46
> Wellington, NZ
>
> PH +64 4 384 7639
> FX +64 4 384 7672
> *****************************************************
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
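
The log-to-rule step from the message above, as an added example that is not part of the original post: it accepts the first log field only when it is a dotted-quad IPv4 literal, requires the winnt/cmd.exe match to sit inside the request path, emits one rule per address, and prints an ipfw form next to the IP Filter one. The ipfw command line, the helper names probe_source and rule_for, and the sample log lines are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $if = "xl0";    # assumed interface name, as in the script above

# Return the client address if the line is a cmd.exe probe and its first field
# is a dotted-quad IPv4 literal; otherwise return nothing. Refusing hostnames
# keeps attacker-influenced log text out of the firewall rule.
sub probe_source {
    my ($line) = @_;
    return unless $line =~ m{^(\S+)\s.*"GET\s\S*winnt\S*cmd\.exe}i;
    my $src = $1;
    return unless $src =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return if grep { $_ > 255 } $1, $2, $3, $4;
    return $src;
}

# Build the rule text for either firewall (the ipfw form is an assumption).
sub rule_for {
    my ($fw, $ip) = @_;
    return "block return-rst in quick on $if proto tcp from $ip to any\n"
        if $fw eq 'ipf';     # line to feed to "ipf -f -"
    return "ipfw add reset tcp from $ip to any in via $if\n"
        if $fw eq 'ipfw';    # command line to run
    die "unknown firewall '$fw'";
}

# Constructed sample lines in Apache common log format.
my @sample = (
    '192.0.2.10 - - [19/Sep/2001:20:40:01 -0300] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 290',
    '192.0.2.10 - - [19/Sep/2001:20:40:02 -0300] "GET /msadc/winnt/system32/cmd.exe HTTP/1.0" 404 288',
    'host.example.net - - [19/Sep/2001:20:41:10 -0300] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 290',
    '198.51.100.7 - - [19/Sep/2001:20:42:00 -0300] "GET /index.html HTTP/1.0" 200 1043',
);

my %blocked;    # addresses already handled, so each gets one rule only
for my $line (@sample) {
    my $ip = probe_source($line) or next;
    next if $blocked{$ip}++;
    print "ipf : ", rule_for('ipf',  $ip);
    print "ipfw: ", rule_for('ipfw', $ip);
}
```

Only 192.0.2.10 produces rules here: the repeat hit is deduplicated, the hostname entry is refused, and the ordinary request does not match.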