[lug] IPCHAIN rule to block dynamic update from Win2K
D. Stimits
stimits at idcomm.com
Tue Sep 11 10:57:47 MDT 2001
Hugh Brown wrote:
>
> I would sniff the traffic and see what port it is communicating on and then
> do a block on the output chain for those ports.
>
> Hugh
>
> "Stephen Smith"
> >
> > I am looking for the best way to block this
> > before it gets blocked by the DNS.
> >
> >
> > Any Ideas?
> >
> > Stephen
Without that of course there is almost no way to selectively block. One
suggestion to determine this is to log all outbound SYN connections and
then manually start the update if possible. ipchains logging can be
useful even when not actually blocking.
D. Stimits, stimits at idcomm.com
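
The logging approach suggested above, as an added example that is not part of the original post: a Python summary of ipchains "Packet log:" lines that shows which destination ports one host opens connections to while the update is started by hand. The rule in the comment, the host name `gw`, and all addresses in the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel "Packet log:" format that ipchains
# writes for rules carrying -l. Assumed logging-only rule (no -j target, so
# the target field reads "-"):  ipchains -A output -p tcp -y -l
SAMPLE_LOG = """\
Sep 11 10:41:02 gw kernel: Packet log: output - eth0 PROTO=6 192.168.1.20:1034 192.168.1.1:53 L=48 S=0x00 I=4101 F=0x4000 T=128 SYN (#1)
Sep 11 10:41:02 gw kernel: eth0: link status ok
Sep 11 10:41:05 gw kernel: Packet log: output - eth0 PROTO=6 192.168.1.20:1035 192.168.1.1:53 L=48 S=0x00 I=4102 F=0x4000 T=128 SYN (#1)
Sep 11 10:41:07 gw kernel: Packet log: output - eth0 PROTO=6 192.168.1.20:1036 192.0.2.7:80 L=48 S=0x00 I=4103 F=0x4000 T=128 SYN (#1)
Sep 11 10:41:09 gw kernel: Packet log: output - eth0 PROTO=6 192.168.1.30:2201 192.0.2.7:25 L=48 S=0x00 I=977 F=0x4000 T=64 SYN (#1)
"""

# chain, target, interface, protocol number, source and destination
# address:port; the fields after the addresses are not needed here.
PACKET_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def summarize(log_text, src=None, chain="output"):
    """Count logged packets per (protocol, destination IP, destination port).

    src, when given, restricts the count to one source address, for
    example the machine on which the update is being triggered.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m is None or m["chain"] != chain:
            continue  # unrelated kernel message or a different chain
        if src is not None and m["src"] != src:
            continue
        counts[(int(m["proto"]), m["dst"], int(m["dport"]))] += 1
    return counts


if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG, src="192.168.1.20")
    for (proto, dst, dport), n in hits.most_common():
        print(f"proto={proto} dst={dst}:{dport} packets={n}")
```

Comparing the summary taken while the update is running against one taken while the host is idle narrows the list to the ports worth a rule on the output chain.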