evilghost
09-14-07, 03:15 PM
ISC SANS has reported on a DNS A based RBL to block storm infected clients. More information is available here, http://isc.sans.org/diary.html?storyid=3379
I'm using these iptable rules:
#Storm Worm
/sbin/iptables -A INPUT -s basic.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic1.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic2.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic3.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic4.threatstop.com -j DROP
I'm using these iptable rules:
#Storm Worm
/sbin/iptables -A INPUT -s basic.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic1.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic2.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic3.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic4.threatstop.com -j DROP