2012-02-17 - Re: [GRASE-Hotspot] Compromised Network

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: 6204ab13268e1a53c0203d6f2b45ca27bdb404ea8d38cce8b326e5e3d0916f3a
Message ID: <4F3E2780.5070709@gmail.com>
Reply To: <1329467691.14355.YahooMailNeo@web161404.mail.bf1.yahoo.com>
UTC Datetime: 2012-02-17 03:10:08 UTC
Raw Date: Fri, 17 Feb 2012 20:10:08 +1000

Raw message

On 17/02/12 18:34, tim storey wrote:
> Hi Tim,
> I have just received a notification of network abuse from my ISP, due 
> to a worm sending spam from somewhere in my network.
> As all my systems are running Linux, I assume that one of my 
> customers, running unprotected Windoze, is responsible.
> I have a vanilla installation of Grase.
> What can I install/tweak on the Grase hotspot server to prevent any 
> such incident from occurring again?
> I urgently require a response as I have very few days to resolve the 
> issue.

Hi. I'm currently away so can't give you much help.

Basically, by default all incoming is blocked, but outgoing is permitted 
if they are logged into the network. So what you need to do is prevent 
outgoing, in particular on port 445. Some simple firewall rules in 
/etc/chilli/ipup.sh should assist you.

Sorry I can't be more help. I'll be around later in the weekend and see 
what I can do for you.
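
An added example, not part of the reply above and not GRASE's own code: one way to write the outgoing-port rules for /etc/chilli/ipup.sh. It assumes chilli's up.sh has set TUNTAP to the client-facing tun device before sourcing the file (tun0 is the fallback); the function name, the APPLY_EGRESS_RULES switch and the extra port 25 (chosen because the complaint was about spam) are assumptions of this example.

```shell
# Added example; not GRASE or CoovaChilli code.
# Assumption: TUNTAP names the tun device hotspot clients arrive on.

# Print iptables commands that drop forwarded client traffic to the given
# TCP ports. Usage: egress_block_rules <client-iface> <port>...
egress_block_rules() {
    _if=$1
    [ "$#" -ge 2 ] || { echo "usage: egress_block_rules iface port..." >&2; return 1; }
    shift
    # Refuse anything that is not a plain interface name, so nothing
    # unexpected ends up inside a command line run as root.
    case $_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $_if" >&2; return 1 ;;
    esac
    # Validate every port before printing anything: a bad argument must
    # never leave a half-applied rule set.
    for _p in "$@"; do
        case $_p in
            ''|*[!0-9]*|??????*) echo "bad port: $_p" >&2; return 1 ;;
        esac
        [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || {
            echo "port out of range: $_p" >&2; return 1; }
    done
    for _p in "$@"; do
        # -I inserts at the top of FORWARD, ahead of any rule that
        # accepts traffic from logged-in clients.
        echo "iptables -I FORWARD -i $_if -p tcp --dport $_p -j DROP"
    done
}

# Dry run by default: print the rules for review.
# Set APPLY_EGRESS_RULES=1 (running as root) to install them.
if [ "${APPLY_EGRESS_RULES:-0}" = 1 ]; then
    egress_block_rules "${TUNTAP:-tun0}" 445 25 | sh
else
    egress_block_rules "${TUNTAP:-tun0}" 445 25
fi
```

Only ports 445 and 25 are dropped, so clients that send mail through an authenticated submission port such as 587 are unaffected.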

