PDA

View Full Version : Storm-Worm DNSBL


evilghost
09-14-07, 01:15 PM
ISC SANS has reported on a DNS A based RBL to block storm infected clients. More information is available here, http://isc.sans.org/diary.html?storyid=3379

I'm using these iptable rules:


#Storm Worm
/sbin/iptables -A INPUT -s basic.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic1.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic2.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic3.threatstop.com -j DROP
/sbin/iptables -A INPUT -s basic4.threatstop.com -j DROP