[psad-discuss] PSAD and iptables logging
From: Vernon W. <ve...@co...> - 2004-12-04 17:24:26
Hey all,

I've installed PSAD and was told that I need to add the following to my iptables.

    -A INPUT -j LOG
    -A FORWARD -j LOG

Now I am getting thousands of emails in regard to scans on my system due to the Microsoft bug that people refuse to patch their boxes. I can resolve the email issue as it's inside of logwatch but I read somewhere that it is best to DROP those packets. So I've added the following lines in my iptables:

    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 445 --state NEW -j DROP
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 137 --state NEW -j DROP

Shouldn't this do the trick?

Thanks

--------------------------------------------
Vernon Webb
Network Information Systems Engineer - Webmaster
comp-wiz.com, inc.
(201) 703-1232