ACLs for common viruses
2014-03-03 23:26
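In today's society, network security is especially important in the IT world. You may remember that a while ago many people's QQ accounts were stolen, which led to a series of incidents. My QQ account was stolen too, and *** used it to send fraudulent messages to my contacts, so many of my friends were taken in. Device security is of course just as important: last year the password on our company's equipment was cracked, which led to data loss and affected many customers. So I collected some commonly used commands from the web and summarized them here for reference: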
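Create the ACL
The rules below match on protocol and destination port, so they need an advanced ACL (numbered 3000-3999); a basic ACL (2000-2999) matches on source address only.
[zydx]acl name jiajia 3001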
Block ping
rule deny icmp source any destination any
Control the spread of the Blaster worm
rule deny udp source any destination any destination-port eq 69
rule deny tcp source any destination any destination-port eq 4444
Control the scanning and *** of the Blaster virus
rule deny tcp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq netbios-ns
rule deny udp source any destination any destination-port eq netbios-dgm
rule deny tcp source any destination any destination-port eq 139
rule deny udp source any destination any destination-port eq 139
rule deny tcp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 593
rule deny tcp source any destination any destination-port eq 593
Control the scanning and *** of the Sasser worm
rule deny tcp source any destination any destination-port eq 445
rule deny tcp source any destination any destination-port eq 5554
rule deny tcp source any destination any destination-port eq 9995
rule deny tcp source any destination any destination-port eq 9996
Control the spread of the Worm_MSBlast.A worm
rule deny udp source any destination any destination-port eq 1434
Ports used by lesser-known viruses (optional)
rule deny tcp source any destination any destination-port eq 1068
rule deny tcp source any destination any destination-port eq 5800
rule deny tcp source any destination any destination-port eq 5900
rule deny tcp source any destination any destination-port eq 10080
rule deny tcp source any destination any destination-port eq 455
rule deny udp source any destination any destination-port eq 455
rule deny tcp source any destination any destination-port eq 3208
rule deny tcp source any destination any destination-port eq 1871
rule deny tcp source any destination any destination-port eq 4510
rule deny udp source any destination any destination-port eq 4334
rule deny tcp source any destination any destination-port eq 4331
rule deny tcp source any destination any destination-port eq 4557
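An added example, not part of the original post: a Python check that splits a run-together paste of rules like the ones above, then reports duplicate rules and denied ports that also carry legitimate services. The sample text, the `LEGIT` table and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a subset of the rules listed above, run together as when
# copied from a web page (note the missing space before one "rule").
ACL_TEXT = (
    "rule deny icmp source any destination any "
    "rule deny tcp source any destination any destination-port eq 445 "
    "rule deny udp source any destination any destination-port eq netbios-ns "
    "rule deny tcp source any destination any destination-port eq 445 "
    "rule deny tcp source any destination any destination-port eq 5900 "
    "rule deny udp source any destination any destination-port eq 4334"
    "rule deny tcp source any destination any destination-port eq 4331"
)

# Legitimate services on the same protocol/port (well-known assignments).
LEGIT = {
    ("icmp", "any"): "ping, traceroute, path MTU discovery",
    ("udp", "69"): "TFTP", ("tcp", "135"): "MS RPC endpoint mapper",
    ("udp", "netbios-ns"): "NetBIOS name service", ("tcp", "139"): "NetBIOS session service",
    ("tcp", "445"): "SMB file sharing", ("udp", "1434"): "SQL Server Browser",
    ("tcp", "5900"): "VNC",
}

RULE = re.compile(r"rule\s+(permit|deny)\s+(\w+)\s+source\s+\S+\s+destination\s+\S+"
                  r"(?:\s+destination-port\s+eq\s+(\S+))?\s*$")

def parse(text):
    """Split run-together text into (action, protocol, dest_port) tuples."""
    rules = []
    for chunk in re.split(r"(?=rule\s+(?:permit|deny)\b)", text):
        m = RULE.match(chunk)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3) or "any"))
        elif chunk.strip():
            raise ValueError(f"unparsed rule text: {chunk!r}")
    return rules

def audit(text):
    """Return (rules, duplicated rules, denied entries that also hit a legitimate service)."""
    rules = parse(text)
    dupes = sorted(r for r, n in Counter(rules).items() if n > 1)
    side = sorted({(p, d, LEGIT[p, d]) for a, p, d in rules if a == "deny" and (p, d) in LEGIT})
    return rules, dupes, side

if __name__ == "__main__":
    rules, dupes, side = audit(ACL_TEXT)
    print(len(rules), "rules; duplicates:", dupes)
    print("\n".join(f"deny {p}/{d} also blocks {s}" for p, d, s in side))
```

Because every rule uses `source any destination any`, each entry reported in the third list is blocked for all hosts behind the interface where the ACL is applied, not only for infected ones.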