[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-user
Subject:    Re: [IPCop-user] Firewall rule to block trojan
From:       Eric Oberlander <eric.oberlander () gmail ! com>
Date:       2013-10-16 18:43:13
Message-ID: CAPkz44FyMxnOPiiQpfEfrtXwy0sHucB2R9UcHmyoNenWf+Zf7A () mail ! gmail ! com
[Download RAW message or body]

I'm not absolutely sure, but I'd suggest adding a 'Custom' service on the
Services Admin page:
http://ipcop.org/2.0.0/en/admin/html/firewall-services.html

Then add a rule to drop that particular service on the Firewall rules 'Add
a new rule'
http://ipcop.org/2.0.0/en/admin/html/firewall-fwrules.html

HTH

Eric



On 16 October 2013 18:37, Wayne B <wc5813@gmail.com> wrote:

> Hey Guys,
>
> Quick question. I apologize in advance for not figuring this out myself.
> I'm investigating, but need a quick answer.
>
> I'm running IPCop 2. Apparently some PC in our company is infected with the
> "ZeroAccess" trojan root kit. As a result, we have several email RBLs and
> other outsiders blocking our email and other access. Until I can remove or
> fix the PC in question, I need to just block the darn thing.
>
> >From what I've read, it talks on a UDP destination port of 16464. What's
> the quickest way to block that in IPCop? I admit, I don't know textual
> firewall rule syntax, but I can get a shell and edit. Or I can talk someone
> at the site through doing it via the IPCop GUI if that's possible.
>
> Any quick answers?I'll be investigating in the meantime, but any help is
> much appreciated.
>
> -Thanks,
>    Wayne
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]