请大家看看,没有端口列表吗?
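# Port-based drop rules for a custom "virus" chain (MikroTik RouterOS firewall filter).
# Run from the /ip firewall filter menu; the bare "add" commands assume that context.
#
# Fixed relative to the pasted original: two commands were fused onto one line, and many
# rules had no space between the dst-port value and comment=, so they would not parse.
#
# Review notes:
# - A custom chain is only evaluated when a built-in chain (forward/input) jumps to it.
#   No such jump rule is shown on this page; confirm that one exists.
# - These rules match on destination port only. Reply packets to a client whose ephemeral
#   source port falls on a listed port (e.g. 60000, 65000) would also match, so the jump
#   should sit after an accept rule for established/related connections.
# - Several listed ports carry legitimate services (tcp/79 finger, tcp/113 ident,
#   tcp/6667 IRC, udp/123 NTP) or are common application ports (4444, 7777, 8888, 9999).
#   Check what the network needs before enabling the rules.
# - A port blocklist is a coarse supplementary control: the labels name legacy malware
#   default ports, and malware is not tied to a port. It does not replace a default-deny
#   policy and endpoint patching.
# - Some labels (e.g. "SchainwindlerTrojan", "cichainlid") look mangled by an earlier
#   search-and-replace. They are kept as-is because they are informational only.
add chain=virus protocol=tcp action=drop disabled=no dst-port=41 comment="DeepThroat.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=82 comment="Worm.NetSky.Y@mm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=113 comment="W32.Korgo.A/B/C/D/E/F-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2041 comment="W33.Korgo.A/B/C/D/E/F-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3150 comment="DeepThroat.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3067 comment="W32.Korgo.A/B/C/D/E/F-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3422 comment="Backdoor.IRC.Aladdinz.R-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6667 comment="W32.Korgo.A/B/C/D/E/F-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6789 comment="Worm.NetSky.S/T/U@mm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8787 comment="Back.Orifice.2000.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8879 comment="Back.Orifice.2000.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8967 comment="W32.Dabber.A/B-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9999 comment="W32.Dabber.A/B-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20034 comment="Block.NetBus.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=21554 comment="GirlFriend.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31666 comment="Back.Orifice.2000.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=43958 comment="Backdoor.IRC.Aladdinz.R-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=999 comment="DeepThroat.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6670 comment="DeepThroat.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6771 comment="DeepThroat.Trojan-5"
add chain=virus protocol=tcp action=drop disabled=no dst-port=60000 comment="DeepThroat.Trojan-6"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2140 comment="DeepThroat.Trojan-7"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10067 comment="Portal.of.Doom.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10167 comment="Portal.of.Doom.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3700 comment="Portal.of.Doom.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9872-9875 comment="Portal.of.Doom.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6883 comment="Delta.Source.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=26274 comment="Delta.Source.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4444 comment="Delta.Source.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=47262 comment="Delta.Source.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3791 comment="Eclypse.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3801 comment="Eclypse.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=65390 comment="Eclypse.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5880-5882 comment="Y3K.RAT.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5888-5889 comment="Y3K.RAT.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=30100-30103 comment="NetSphere.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=30133 comment="NetSphere.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7300-7301 comment="NetMonitor.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7306-7308 comment="NetMonitor.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=79 comment="FireHotcker.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5031 comment="FireHotcker.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5321 comment="FireHotcker.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6400 comment="TheThing.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7777 comment="TheThing.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1047 comment="GateCrasher.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6969-6970 comment="GateCrasher.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2774 comment="SubSeven-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=27374 comment="SubSeven-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1243 comment="SubSeven-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1234 comment="SubSeven-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6711-6713 comment="SubSeven-5"
add chain=virus protocol=tcp action=drop disabled=no dst-port=16959 comment="SubSeven-7"
add chain=virus protocol=tcp action=drop disabled=no dst-port=25685-25686 comment="Moonpie.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=25982 comment="Moonpie.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31337-31339 comment="NetSpy.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8102 comment="Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8011 comment="WAY.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7626 comment="Trojan.BingHe"
add chain=virus protocol=tcp action=drop disabled=no dst-port=19191 comment="Trojan.NianSeHoYian"
add chain=virus protocol=tcp action=drop disabled=no dst-port=23444-23445 comment="NetBull.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2583 comment="WinCrash.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3024 comment="WinCrash.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4092 comment="WinCrash.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5714 comment="WinCrash.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1010-1012 comment="Doly1.0/1.35/1.5trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1015 comment="Doly1.0/1.35/1.5trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2004-2005 comment="TransScout.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9878 comment="TransScout.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2773 comment="Backdoor.YAI.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7215 comment="Backdoor.YAI.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=54283 comment="Backdoor.YAI.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1003 comment="BackDoorTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5598 comment="BackDoorTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5698 comment="BackDoorTrojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31554 comment="SchainwindlerTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=18753 comment="Shaft.DDoS.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20432 comment="Shaft.DDoS.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=65000 comment="Devil.DDoS.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=11831 comment="LatinusTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=29559 comment="LatinusTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1784 comment="Snid.X2Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3586 comment="Snid.X2Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7609 comment="Snid.X2Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1363-1364 comment="ndm.requester"
add chain=virus protocol=tcp action=drop disabled=no dst-port=12348-12349 comment="BionetTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=12478 comment="BionetTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=57922 comment="BionetTrojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3127 comment="Worm.Novarg.a.Mydoom.a1."
add chain=virus protocol=tcp action=drop disabled=no dst-port=6777 comment="Worm.BBeagle.a.Bagle.a."
add chain=virus protocol=tcp action=drop disabled=no dst-port=8866 comment="Worm.BBeagle.b"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2745 comment="Worm.BBeagle.c-g/j-l"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2556 comment="Worm.BBeagle.p/q/r/n"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20742 comment="Worm.BBEagle.m-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4751 comment="Worm.BBeagle.s/t/u/v"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2535 comment="Worm.BBeagle.aa/ab/w/x-z-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5238 comment="Worm.LovGate.r.RpcExploit"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1068 comment="Worm.Sasser.a"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5554 comment="Worm.Sasser.b/c/f"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9996 comment="Worm.Sasser.b/c/f"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9995 comment="Worm.Sasser.d"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10168 comment="Worm.Lovgate.a/b/c/d"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20808 comment="Worm.Lovgate.v.QQ"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1092 comment="Worm.Lovgate.f/g"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20168 comment="Worm.Lovgate.f/g"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1368 comment="screen.cast"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1373 comment="hromgrafx"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1377 comment="cichainlid"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3410 comment="Backdoor.Optixprotocol"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8888 comment="Worm.BBeagle.b"
# UDP rules.
add chain=virus protocol=udp action=drop disabled=no dst-port=44444 comment="Delta.Source.Trojan-7"
add chain=virus protocol=udp action=drop disabled=no dst-port=8998 comment="Worm.Sobig.f-3"
# NOTE(review): udp/123 is NTP. This rule also drops time synchronisation for any traffic
# sent through the chain; confirm that this is intended.
add chain=virus protocol=udp action=drop disabled=no dst-port=123 comment="Worm.Sobig.f-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3198 comment="Worm.Novarg.a.Mydoom.a2."
# tcp/135, 139 and 445 are the Windows RPC / NetBIOS session / SMB ports. Dropping them in
# this chain also blocks file sharing across the router.
add chain=virus protocol=tcp action=drop disabled=no dst-port=139 comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=135 comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=445 comment="Drop Blaster Worm"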
上面是在网上看到的一段封病毒端口的脚本,看得头晕吧?
其实这里面就只有一条规则,不同的只是端口而已
ROS里面有一个地址列表,可以大大简化地址规则,
不知道ROS有没有端口列表呢?我找了半天没找到。如果有的话,上面的这一大段脚本就只需要如下的一句了:
# Hypothetical rule: "port-list" is a placeholder, not a value RouterOS accepts as written.
# dst-port itself takes a comma-separated list of ports and ranges (e.g. dst-port=41,82,9872-9875),
# so the per-port rules can be merged into a few rules per protocol.
# NOTE(review): the number of entries allowed in one rule is limited; check the limit for the
# RouterOS version in use.
add chain=virus protocol=tcp action=drop disabled=no dst-port=port-list comment="封常见病毒端口"
麻烦大家找找,如果找到的话,真是功德无量啊