[Other] Could everyone take a look: is there no port list?

Posted on 2007-12-3 14:48:30

add chain=virus protocol=tcp action=drop disabled=no dst-port=41    comment="DeepThroat.Trojan-1"  
add chain=virus protocol=tcp action=drop disabled=no dst-port=82    comment="Worm.NetSky.Y@mm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=113   comment="W32.Korgo.A/B/C/D/E/F-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2041  comment="W33.Korgo.A/B/C/D/E/F-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3150  comment="DeepThroat.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3067  comment="W32.Korgo.A/B/C/D/E/F-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3422  comment="Backdoor.IRC.Aladdinz.R-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6667  comment="W32.Korgo.A/B/C/D/E/F-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6789  comment="Worm.NetSky.S/T/U@mm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8787  comment="Back.Orifice.2000.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8879  comment="Back.Orifice.2000.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8967  comment="W32.Dabber.A/B-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9999  comment="W32.Dabber.A/B-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20034 comment="Block.NetBus.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=21554 comment="GirlFriend.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31666 comment="Back.Orifice.2000.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=43958 comment="Backdoor.IRC.Aladdinz.R-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=999   comment="DeepThroat.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6670  comment="DeepThroat.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6771  comment="DeepThroat.Trojan-5"
add chain=virus protocol=tcp action=drop disabled=no dst-port=60000 comment="DeepThroat.Trojan-6"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2140  comment="DeepThroat.Trojan-7"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10067 comment="Portal.of.Doom.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10167 comment="Portal.of.Doom.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3700  comment="Portal.of.Doom.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9872-9875 comment="Portal.of.Doom.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6883  comment="Delta.Source.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=26274 comment="Delta.Source.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4444  comment="Delta.Source.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=47262 comment="Delta.Source.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3791  comment="Eclypse.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3801  comment="Eclypse.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=65390 comment="Eclypse.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5880-5882 comment="Y3K.RAT.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5888-5889 comment="Y3K.RAT.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=30100-30103 comment="NetSphere.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=30133 comment="NetSphere.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7300-7301 comment="NetMonitor.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7306-7308 comment="NetMonitor.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=79   comment="FireHotcker.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5031 comment="FireHotcker.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5321 comment="FireHotcker.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6400 comment="TheThing.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7777 comment="TheThing.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1047 comment="GateCrasher.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6969-6970 comment="GateCrasher.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2774  comment="SubSeven-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=27374 comment="SubSeven-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1243  comment="SubSeven-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1234  comment="SubSeven-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=6711-6713 comment="SubSeven-5"
add chain=virus protocol=tcp action=drop disabled=no dst-port=16959 comment="SubSeven-7"
add chain=virus protocol=tcp action=drop disabled=no dst-port=25685-25686 comment="Moonpie.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=25982 comment="Moonpie.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31337-31339 comment="NetSpy.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8102  comment="Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8011  comment="WAY.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7626  comment="Trojan.BingHe"
add chain=virus protocol=tcp action=drop disabled=no dst-port=19191 comment="Trojan.NianSeHoYian"
add chain=virus protocol=tcp action=drop disabled=no dst-port=23444-23445 comment="NetBull.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2583  comment="WinCrash.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3024  comment="WinCrash.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4092  comment="WinCrash.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5714  comment="WinCrash.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1010-1012 comment="Doly1.0/1.35/1.5trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1015  comment="Doly1.0/1.35/1.5trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2004-2005 comment="TransScout.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9878  comment="TransScout.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2773  comment="Backdoor.YAI.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7215  comment="Backdoor.YAI.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=54283 comment="Backdoor.YAI.Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1003  comment="BackDoorTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5598  comment="BackDoorTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5698  comment="BackDoorTrojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=31554 comment="SchainwindlerTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=18753 comment="Shaft.DDoS.Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20432 comment="Shaft.DDoS.Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=65000 comment="Devil.DDoS.Trojan"
add chain=virus protocol=tcp action=drop disabled=no dst-port=11831 comment="LatinusTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=29559 comment="LatinusTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1784  comment="Snid.X2Trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3586  comment="Snid.X2Trojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=7609  comment="Snid.X2Trojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1363-1364   comment="ndm.requester"
add chain=virus protocol=tcp action=drop disabled=no dst-port=12348-12349 comment="BionetTrojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=12478 comment="BionetTrojan-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=57922 comment="BionetTrojan-3"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3127  comment="Worm.Novarg.a.Mydoom.a1."
add chain=virus protocol=tcp action=drop disabled=no dst-port=6777  comment="Worm.BBeagle.a.Bagle.a."
add chain=virus protocol=tcp action=drop disabled=no dst-port=8866  comment="Worm.BBeagle.b"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2745  comment="Worm.BBeagle.c-g/j-l"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2556  comment="Worm.BBeagle.p/q/r/n"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20742 comment="Worm.BBEagle.m-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=4751  comment="Worm.BBeagle.s/t/u/v"
add chain=virus protocol=tcp action=drop disabled=no dst-port=2535  comment="Worm.BBeagle.aa/ab/w/x-z-2"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5238  comment="Worm.LovGate.r.RpcExploit"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1068  comment="Worm.Sasser.a"
add chain=virus protocol=tcp action=drop disabled=no dst-port=5554  comment="Worm.Sasser.b/c/f"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9996  comment="Worm.Sasser.b/c/f"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9995  comment="Worm.Sasser.d"
add chain=virus protocol=tcp action=drop disabled=no dst-port=10168 comment="Worm.Lovgate.a/b/c/d"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20808 comment="Worm.Lovgate.v.QQ"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1092  comment="Worm.Lovgate.f/g"
add chain=virus protocol=tcp action=drop disabled=no dst-port=20168 comment="Worm.Lovgate.f/g"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1368  comment="screen.cast"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1373  comment="hromgrafx"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1377  comment="cichainlid"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3410  comment="Backdoor.Optixprotocol"
add chain=virus protocol=tcp action=drop disabled=no dst-port=8888  comment="Worm.BBeagle.b"
add chain=virus protocol=udp action=drop disabled=no dst-port=44444 comment="Delta.Source.Trojan-7"
add chain=virus protocol=udp action=drop disabled=no dst-port=8998  comment="Worm.Sobig.f-3"
add chain=virus protocol=udp action=drop disabled=no dst-port=123   comment="Worm.Sobig.f-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=3198  comment="Worm.Novarg.a.Mydoom.a2."
add chain=virus protocol=tcp action=drop disabled=no dst-port=139   comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=135   comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=445   comment="Drop Blaster Worm"

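Above is a script for blocking virus ports that I saw online. Makes your head spin, doesn't it?
Really there is only one rule in it; the only thing that differs is the port.
ROS has an address list, which can greatly simplify address rules.
I wonder whether ROS has a port list? I searched for a long time and couldn't find one. If there is one, the whole long script above would be just the following single line:
add chain=virus protocol=tcp action=drop disabled=no dst-port=port-list comment="Block common virus ports"

Could everyone please help look for it; if you find it, that would truly be a boundless good deed.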
routeros
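
The RouterOS `dst-port` matcher accepts a comma-separated list of ports and port ranges, so the per-port rules in the post can be folded into a few rules per protocol. The following is an added example, not part of the original post: a small Python helper (function names are hypothetical) that parses rules of the shape shown above, merges duplicate and adjacent ports, and emits consolidated rules. The per-rule limit `max_items=15` is an assumption to verify against your RouterOS version, and the sample input is constructed from a few lines of the posted script.

```python
import re
from collections import defaultdict

# Matches the protocol and the single port or port range of one "add" rule.
RULE_RE = re.compile(r"protocol=(tcp|udp)\b.*?\bdst-port=(\d+)(?:-(\d+))?")

# Constructed sample: a subset of the rules from the post, same syntax.
SAMPLE = """\
add chain=virus protocol=tcp action=drop disabled=no dst-port=9996  comment="Worm.Sasser.b/c/f"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9995  comment="Worm.Sasser.d"
add chain=virus protocol=tcp action=drop disabled=no dst-port=9872-9875 comment="Portal.of.Doom.Trojan-4"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1010-1012 comment="Doly1.0/1.35/1.5trojan-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=1015  comment="Doly1.0/1.35/1.5trojan-2"
add chain=virus protocol=udp action=drop disabled=no dst-port=44444 comment="Delta.Source.Trojan-7"
add chain=virus protocol=udp action=drop disabled=no dst-port=8998  comment="Worm.Sobig.f-3"
add chain=virus protocol=udp action=drop disabled=no dst-port=123   comment="Worm.Sobig.f-1"
add chain=virus protocol=tcp action=drop disabled=no dst-port=139   comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=135   comment="Drop Blaster Worm"
add chain=virus protocol=tcp action=drop disabled=no dst-port=445   comment="Drop Blaster Worm"
"""

def parse_ports(script):
    """Return {protocol: [(lo, hi), ...]} for every rule with a dst-port."""
    spans = defaultdict(list)
    for line in script.splitlines():
        m = RULE_RE.search(line)
        if m:
            lo = int(m.group(2))
            spans[m.group(1)].append((lo, int(m.group(3) or lo)))
    return spans

def merge(spans):
    """Sort, de-duplicate and join overlapping or adjacent port ranges."""
    out = []
    for lo, hi in sorted(spans):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def consolidate(script, max_items=15, chain="virus"):
    """Emit one rule per protocol per max_items ports (limit is an assumption)."""
    rules = []
    for proto, spans in sorted(parse_ports(script).items()):
        items = [str(a) if a == b else f"{a}-{b}" for a, b in merge(spans)]
        for i in range(0, len(items), max_items):
            ports = ",".join(items[i:i + max_items])
            rules.append(f"add chain={chain} protocol={proto} action=drop dst-port={ports}")
    return rules

if __name__ == "__main__":
    print("\n".join(consolidate(SAMPLE)))
```

The merged rules drop the per-port `comment=` labels, so keep the original list as documentation. Review each entry before applying it, since the list includes ports used by ordinary services such as UDP 123 (NTP).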