All About iDiots
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | |
Archives
Recent Posts
Friends
LinKs
Top Posts
Top Clicks
- None
Blog Stats
- 66,943 hits
Live Journal
All About Log
Tag Archives: worm
Block Blastar di Windows
Posted by on November 9, 2008
Udah beberapa hari koneksi di pl@net sering putus².
berikut contoh log
2008.11.06 14:40:23 **UDP Flood Stop** (from PPPoE1 Outbound)
2008.11.06 14:40:22 **SYN Flood** 192.168.1.14, 4170->> 125.162.81.219, 445 (from PPPoE1 Outbound)
2008.11.06 14:40:22 **UDP Flood Stop** (from PPPoE1 Outbound)
2008.11.06 14:40:22 **SYN Flood** 192.168.1.14, 4169->> 125.162.81.218, 445 (from PPPoE1 Outbound)
2008.11.06 14:40:22 **UDP Flood Stop** (from PPPoE1 Outbound)
2008.11.06 14:40:22 **SYN Flood** 125.162.85.210, 4447->> 125.162.90.179, 445 (from PPPoE1 Inbound)
2008.11.06 14:39:51 **UDP Flood Stop** (from PPPoE1 Outbound)
2008.11.06 14:39:49 **SYN Flood** 192.168.1.14, 4103->> 125.162.83.102, 135 (from PPPoE1 Outbound)
crash di system winxp dengan pesan
“Generic Host Process for Win32 Services”, Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0×0000a3c0.”
eror terjadi di file
WER51f3.dir00svchost.exe.mdmp
TempWER51f3.dir00appcompat.txt
setelah tannya sana sini ternyata penyebabnya.. ada Blastar yang ga terdeteksi sama anti virus..
beberapa saat setelah muncul pesan ini, koneksi internet dan lan langsung terputus. worm yg satu ini selalu menyerang lewat port 135 dan 445.
Advertisements
iptables block Worm
Posted by on March 12, 2001
iptables -A INPUT -p udp -m udp --dport 53 -j DROP iptables -A INPUT -p udp -m udp --dport 135 -j DROP iptables -A INPUT -p udp -m udp --dport 137 -j DROP iptables -A INPUT -p udp -m udp --dport 138 -j DROP iptables -A INPUT -p udp -m udp --dport 139 -j DROP iptables -A INPUT -p udp -m udp --dport 65535 -j DROP iptables -A INPUT -p tcp -m tcp --dport 53 -j DROP iptables -A INPUT -p tcp -m tcp --dport 135 -j DROP iptables -A INPUT -p tcp -m tcp --dport 137 -j DROP iptables -A INPUT -p tcp -m tcp --dport 138 -j DROP iptables -A INPUT -p tcp -m tcp --dport 139 -j DROP iptables -A INPUT -p tcp -m tcp --dport 65535 -j DROP iptables -A INPUT -p tcp -m tcp --dport 65535 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 53 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 135 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 137 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 138 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 139 -j DROP iptables -A OUTPUT -p tcp -m tcp --dport 65535 -j DROP iptables -A OUTPUT -p udp -m udp --dport 53 -j DROP iptables -A OUTPUT -p udp -m udp --dport 135 -j DROP iptables -A OUTPUT -p udp -m udp --dport 137 -j DROP iptables -A OUTPUT -p udp -m udp --dport 138 -j DROP iptables -A OUTPUT -p udp -m udp --dport 139 -j DROP iptables -A OUTPUT -p udp -m udp --dport 65535 -j DROP
Recent Comments