duficy
asked on
Sonicwall not blocking IRC
It appears that on one my colo box has a trojan horse on. I setup a rule to block TCP port 6667 - 6669. But this traffic is still coming through. I think the problem is that the since the traffic originates from his box behind the firewall the packets are allowedl. How do I block this using my sonicwall pro 200 firewall
Thanks.
Duficy
Thanks.
Duficy
ASKER
Ok so If I create a rule called BLOCKIRC that block 6969 and setup
deny LAN > WAN BLOCKIRC
will this block this traffic even if's established.
Also is there any way to use the sonicwall to break an existing connection.
deny LAN > WAN BLOCKIRC
will this block this traffic even if's established.
Also is there any way to use the sonicwall to break an existing connection.
It will stop furthe rocnnections...
To /break/ existing cobbections, you will have too either restart, or pull the plug for a few seconds.
A restart for /maintenance/ may we wise.
Tony
To /break/ existing cobbections, you will have too either restart, or pull the plug for a few seconds.
A restart for /maintenance/ may we wise.
Tony
ASKER
>o /break/ existing cobbections, you will have too either restart, or pull the plug for a few seconds.
Isn't there a way to setup a route on sonicwall to route the offending IP to /dev/null
Isn't there a way to setup a route on sonicwall to route the offending IP to /dev/null
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DENY IRC (6667 - 6669) Server1 (192.168.1.1) ANY (*)
If the packets are originating internally then it will have to be blocked from internal to external.
hth
Tony