
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: netbus,v 1.4 2001/08/11 17:01:21 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were developed based on <http://xforce.iss.net/alerts/
# advise8.php>.
#
# NetBus allows the remote user to do most of the functions BO can do, 
# as well as open/close the CD-ROM drive, send interactive dialogs to 
# chat with the compromised system, listen to the system's microphone 
# (if it has one), and a few other features.
#
# To install, copy this file to /etc/firewall/modules/public/
# block-remote-ports/netbus. There's no need to execute rc.firewall 
# with the --update-config parameter.
# 
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

echo "Reject $INTOPT $IPADDR -> $ANY NetBus (logged)"
ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR $UNPRIVPORTS -d $ANY 12345:12346 -l

