09-14-07, 02:15 PM   #1
evilghost
Storm-Worm DNSBL

ISC SANS has reported on a DNS A based RBL to block Storm-infected clients. More information is available here: http://isc.sans.org/diary.html?storyid=3379

I'm using these iptables rules:

Code:
#Storm Worm
  /sbin/iptables -A INPUT -s basic.threatstop.com -j DROP
  /sbin/iptables -A INPUT -s basic1.threatstop.com -j DROP
  /sbin/iptables -A INPUT -s basic2.threatstop.com -j DROP
  /sbin/iptables -A INPUT -s basic3.threatstop.com -j DROP
  /sbin/iptables -A INPUT -s basic4.threatstop.com -j DROP
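
iptables resolves a hostname given to `-s` only once, when the rule is added, so rules like the ones in the post go stale as the list changes. The script below is an added example, not part of the original post: it re-resolves the same names into a dedicated chain that can be refreshed on a schedule; the chain name `STORMBL`, the function names and the `apply` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). CHAIN and function names are hypothetical.
CHAIN=STORMBL
NAMES="basic.threatstop.com basic1.threatstop.com basic2.threatstop.com
basic3.threatstop.com basic4.threatstop.com"   # names taken from the post

# Read one address per line on stdin and print iptables-restore input that
# replaces the contents of $CHAIN. Malformed, duplicate, loopback and 0.x.x.x
# entries are skipped so a bad DNS answer cannot block the host itself.
build_ruleset() {
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    awk -v chain="$CHAIN" '
        function valid(ip,    o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
                if (length(o[i]) > 1 && substr(o[i], 1, 1) == "0") return 0
            }
            return (o[1] + 0 != 0 && o[1] + 0 != 127)
        }
        valid($1) && !seen[$1]++ { printf "-A %s -s %s/32 -j DROP\n", chain, $1 }
    '
    printf 'COMMIT\n'
}

# Resolve every list name to its current IPv4 addresses (glibc getent).
resolve_names() {
    for name in $NAMES; do
        getent ahostsv4 "$name" | awk '{ print $1 }'
    done
}

# "apply" mode: run as root from cron to refresh the chain.
if [ "${1:-}" = "apply" ]; then
    rules=$(resolve_names | build_ruleset)
    # Keep the previous rules if DNS returned nothing usable.
    printf '%s\n' "$rules" | grep -q -- '-j DROP' || { echo "no addresses resolved" >&2; exit 1; }
    # --noflush leaves other chains alone; declaring $CHAIN empties it first.
    printf '%s\n' "$rules" | iptables-restore --noflush
    # Hook the chain into INPUT once.
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
fi
```

Without the `apply` argument the script only defines its functions, so `build_ruleset` can be fed a file of addresses and its output inspected before anything touches the firewall.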