
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: phasezero,v 1.4 2001/08/11 17:01:21 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were developed based on <http://xforce.iss.net/alerts/
# advise30.php>.
#
# phAse Zero has all of the standard backdoor features, including the 
# ability to upload and download files to the computer using FTP, 
# execute programs, delete and move files, and read and write to the 
# registry. There is also a 'Trash Server' function that will delete 
# all files from your Windows system directory. phAse Zero runs on 
# Windows 95, 98, and Windows NT.
#
# To install, copy this file to /etc/firewall/modules/public/
# block-remote-ports/phasezero. There's no need to execute rc.firewall 
# with the --update-config parameter.
# 
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

echo "Reject $INTOPT $IPADDR -> $ANY phAse Zero (logged)"
ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR $UNPRIVPORTS -d $ANY 555 -l

