Saturday, August 23, 2003
This week SoBig.F, a virulent worm, has been spreading like wildfire. I have been feeling quite smug because it cannot do any damage on my Linux machine. Well, it does harm me in a small way because it eats up bandwidth. But, fortunately, the payload cannot execute on my machine. Every day I got hundreds of infected email messages that Mozilla's junk filter promptly moved out of the way. These messages had attachments with PIF, EXE or SCR (screen saver) extensions which, on Windows, would have caused the virus to take over the machine.
On Tuesday, when the worm started hitting my email server, I added a few IP addresses to block the most egregious senders (mx2.dnsvr.com and a machine at EPFL, Lausanne). But as the hours went by, other machines were attacking my server as well. Yesterday I finally hit on a brilliant idea: the senders of messages in my Mozilla junk folder could be filtered out. I wrote a Perl script that extracted IP addresses from the junk folder. The IP addresses that showed up most often were added to Postfix's access file with the action REJECT. A substantial number of messages have thus been unable to get to my server.
Earlier, I suggested that a firewall be installed on all machines that connect to the Internet. Here is the second piece of advice: read your email on a Linux machine. I have had a quiet week compared to some who have been foaming at the mouth.
11:44:11 PM
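The junk-folder filtering described in the post above, sketched as an added example; this is not the author's Perl script. It assumes the junk folder is an mbox file and that the receiving server writes a Postfix-style topmost Received header with the client IP in square brackets; `min_hits`, `allow` and the sample addresses (documentation ranges) are constructed for illustration.

```python
import mailbox, os, re, tempfile
from collections import Counter

# Postfix-style Received header: "from helo (rdns [1.2.3.4]) by ..."; brackets hold the client IP.
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _msg(ip, n):
    """One constructed junk message; the lower Received header is sender-supplied and untrusted."""
    return (f"From worm{n}@example.com Sat Aug 23 12:00:00 2003\n"
            f"Received: from host{n} (unknown [{ip}]) by mail.example.org\n"
            f"Received: from pc ([203.0.113.99]) by host{n}\n"
            f"Subject: Re: Details\n\nSee the attached file.\n\n")

# Constructed sample junk folder: 4 + 3 + 1 messages from three connecting hosts.
SAMPLE_MBOX = "".join(_msg(ip, i) for i, ip in enumerate(
    ["192.0.2.10"] * 4 + ["198.51.100.7"] * 3 + ["203.0.113.5"]))

def client_ip(msg):
    """Client IP from the topmost Received header only: it is the one our own server added."""
    received = msg.get_all("Received") or []
    m = CLIENT_IP.search(received[0]) if received else None
    return m.group(1) if m else None

def count_senders(mbox_path):
    counts = Counter()
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            ip = client_ip(msg)
            if ip:
                counts[ip] += 1
    finally:
        box.close()
    return counts

def access_lines(counts, min_hits=3, allow=()):
    """Postfix access-table lines for hosts seen at least min_hits times, busiest first."""
    return [f"{ip}\tREJECT" for ip, n in counts.most_common()
            if n >= min_hits and ip not in allow]

def demo(min_hits=3, allow=()):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "Junk")
        with open(path, "w", newline="\n") as f:
            f.write(SAMPLE_MBOX)
        return access_lines(count_senders(path), min_hits, allow)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the topmost Received header is counted because the headers below it are written by the sending side and can be forged; the `allow` set keeps a legitimate relay that forwards junk from being rejected along with it.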
Last week the MsBlast worm hit Windows machines on the Internet. I felt safe and snug in my Linux house whereas the house that Bill built was shaking. The firewall log on my Linux Internet server showed drop events on port 135. Ha! And there were quite a lot of them when the worm was running rampant. My machine at home is behind a Freesco router/firewall and that did not encounter any problems. In fact, the Windows machines behind the firewall had no difficulty either.
Ever since I've had a router, a firewall has been a must. Earlier, my dialup ISDN had a simple firewall to keep away nasties. I used to think that it was an unnecessary precaution and, maybe, it was in those days. My always-on cable connection has been behind the Freesco firewall since day one.
Some of my friends were hit by the Blaster/LoveSan worm and they are tech-savvy people. A connection to the Internet these days must be through a firewall. If you do not have one, rush out and buy one. Or, at least get a software firewall. It is not 100% security but it should keep out the worst of them. My home firewall has the simple rule: no incoming connection, period. And that is enough for most people.
5:29:49 PM
© Copyright 2003 Raju Varghese.
Last update: 2003-09-21; 12:45:16 AM.