Firewall Scripte zum Blocken/Erkennen von Viren


Firewall Scripte zum Blocken/Erkennen von Viren

Beitrag von Christoph_vW »

IDS-VIR-CRIDEX.E.lcs


# Script (8.82.100)
# https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?ThreatId=-2147309733#tab=2

# Blocks access to the following ips on port 8080 and sends syslog and email notifications
#
# 110.234.150.163
# 123.49.61.59
# 190.81.107.70
# 202.143.147.35
# 203.172.252.26
# 203.172.252.29
# 203.217.147.52
# 211.44.250.173
# 41.168.5.140
# 83.238.208.55
# 91.121.103.143
# 97.74.75.172

lang English
flash No

cd /Setup/IP-Router/Firewall/Actions 
#    Name                              Description                                                     
#    -------------------------------------------------------------------------------------------------------
add  "IDS-DROP-NOTIFY"                {Description}  "%Lcds0 %D %S %M %N"

cd /Setup/IP-Router/Firewall/Objects 
#    Name                              Description                                                     
#    -------------------------------------------------------------------------------------------------------
add  "IDS-VIR-CRIDEX.E0"              {Description}  "%A110.234.150.163 %A203.172.252.26 %A91.121.103.143 %S8080"
add  "IDS-VIR-CRIDEX.E1"              {Description}  "%A202.143.147.35 %A203.172.252.29 %A211.44.250.173"
add  "IDS-VIR-CRIDEX.E2"              {Description}  "%A203.217.147.52 %A83.238.208.55 %A190.81.107.70 %A41.168.5.140"
add  "IDS-VIR-CRIDEX.E3"              {Description}  "%A123.49.61.59 %A97.74.75.172"
add  "IDS-VIR-CRIDEX.E4"              {Description}  "IDS-VIR-CRIDEX.E0 IDS-VIR-CRIDEX.E1 IDS-VIR-CRIDEX.E2"
add  "IDS-VIR-CRIDEX.E5"              {Description}  "IDS-VIR-CRIDEX.E3"

cd /Setup/IP-Router/Firewall/Rules 
#    Name                              Prot.       Source                                    Destination                               Action                                    Linked      Prio   Firewall-Rule  VPN-Rule   Stateful  Src-Tag    Rtg-tag  Comment                                                         
#    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
add  "IDS-VIR-CRIDEX.E"               {Prot.}  "TCP"      {Source}  "LOCALNET"                               {Destination}  "IDS-VIR-CRIDEX.E4 IDS-VIR-CRIDEX.E5"    {Action}  "IDS-DROP-NOTIFY"                        {Linked}  No         {Prio}  9999  {Firewall-Rule}  Yes           {VPN-Rule}  No        {Stateful}  Yes      {Src-Tag}  0         {Rtg-tag}  0       {Comment}  ""

cd /
flash Yes

# done
exit