API tools faq
paste
Advertisement
BimoSora

Drop Virus Filter Mikrotik

BimoSora
Apr 18th, 2019
114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 50.73 KB | None | 0 0
raw download clone embed print report
  1. /ip firewall filter
  2. add action=jump chain=forward comment="Jump to handle virus from TCP port" disabled=no log=yes jump-target=tcp-virus protocol=tcp
  3. add action=jump chain=forward comment="Jump to handle virus from UDP port" disabled=no log=yes jump-target=udp-virus protocol=udp
  4. add action=drop chain=tcp-virus comment="Socks D Troie, Death" disabled= no log=yes dst-port=1-2 protocol=tcp
  5. add action=drop chain=tcp-virus comment="Agent 31, Hacker's Paradise, Agent 40421" disabled=no log=yes dst-port=30-31 protocol=tcp
  6. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=37 protocol=tcp
  7. add action=drop chain=tcp-virus comment="Deep Throat Fore play" disabled=no log=yes dst-port=41 protocol=tcp
  8. add action=drop chain=tcp-virus comment=DRAT disabled=no log=yes dst-port=48 protocol=tcp
  9. add action=drop chain=tcp-virus comment=DRAT disabled=no log=yes dst-port=50 protocol=tcp
  10. add action=drop chain=tcp-virus comment="DM Setup" disabled=no log=yes dst-port=58-59 protocol=tcp
  11. add action=drop chain=tcp-virus comment=W32.Evala.Worm disabled=no log=yes dst-port=69-70 protocol=tcp
  12. add action=drop chain=tcp-virus comment="CDK, Firehotcker" disabled=no log=yes dst-port=79 protocol=tcp
  13. add action=drop chain=tcp-virus comment="Beagle.S RemoconChubo" disabled=no log=yes dst-port=81 protocol=tcp
  14. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=85-90 protocol=tcp
  15. add action=drop chain=tcp-virus comment="Common Port for phishing scam sit, Hiddenport, NCX" disabled=no log=yes dst-port=99 protocol=tcp
  16. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans usethis port , Invisible Identd Deamon, Kazimas" disabled=no log=yes dst-port=113 protocol=tcp
  17. add action=drop chain=tcp-virus comment=Happy99 disabled=no log=yes dst-port=119 protocol=tcp
  18. add action=drop chain=tcp-virus comment="Jammer Killah, Attack Bot, God Msage" disabled=no log=yes dst-port=121 protocol=tcp
  19. add action=drop chain=tcp-virus comment="Password Generator Protocol" disabled=no log=yes dst-port=129 protocol=tcp
  20. add action=drop chain=tcp-virus comment=Farnaz disabled=no log=yes dst-port=133 protocol=tcp
  21. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=136-138 protocol=tcp
  22. add action=drop chain=tcp-virus comment=NetTaxi disabled=no log=yes dst-port=142 protocol=tcp
  23. add action=drop chain=tcp-virus comment="Infector 1.3" disabled=no log=yes dst-port=146 protocol=tcp
  24. add action=drop chain=tcp-virus comment=Backage disabled=no log=yes dst-port=334 protocol=tcp
  25. add action=drop chain=tcp-virus comment=Backage disabled=no log=yes dst-port=411 protocol=tcp
  26. add action=drop chain=tcp-virus comment="W32.kibuv.b, Breach, Incognito, tcp Wrappers" disabled=no log=yes dst-port=420-421 protocol=tcp
  27. add action=drop chain=tcp-virus comment= "Fatal Connections - Hacker's Paradise" disabled=no log=yes dst-port=455-456 protocol=tcp
  28. add action=drop chain=tcp-virus comment="Hacker's Paradise" disabled=no log=yes dst-port=456 protocol=tcp
  29. add action=drop chain=tcp-virus comment="Grlogin, RPC backDoor" disabled=no log=yes dst-port=513-514 protocol=tcp
  30. add action=drop chain=tcp-virus comment=W32.kibuv.worm disabled=no log=yes dst-port=530 protocol=tcp
  31. add action=drop chain=tcp-virus comment="Rasmin, Net666" disabled=no log=yes dst-port=531 protocol=tcp
  32. add action=drop chain=tcp-virus comment= "Stealth Spy, Phaze, 7-11 Trojan, Ini-Killer, Phase Zero, Phase-0" disabled=no log=yes dst-port=555 protocol=tcp
  33. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 559 protocol=tcp
  34. add action=drop chain=tcp-virus comment="Sober worm Variants" disabled=no log=yes dst-port=587 protocol=tcp
  35. add action=drop chain=tcp-virus comment="W.32.Sasser worm" disabled=no log=yes dst-port=593 protocol=tcp
  36. add action=drop chain=tcp-virus comment="Secret Service" disabled=no log=yes dst-port=605 protocol=tcp
  37. add action=drop chain=tcp-virus comment= "Attack FTP, Back Construction, BLA Trojan, no log=yeskno log=yesk, satans" disabled=no log=yes dst-port=666 protocol=tcp
  38. add action=drop chain=tcp-virus comment=SnipperNet disabled=no log=yes dst-port=667 protocol=tcp
  39. add action=drop chain=tcp-virus comment="Dp Trojan" disabled=no log=yes dst-port= 669 protocol=tcp
  40. add action=drop chain=tcp-virus comment=GayOL disabled=no log=yes dst-port=692 protocol=tcp
  41. add action=drop chain=tcp-virus comment="BackDoor.Netcrack.B - AimSpy" disabled=no log=yes dst-port=777-778 protocol=tcp
  42. add action=drop chain=tcp-virus comment=WinHole disabled=no log=yes dst-port=808 protocol=tcp
  43. add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=880 protocol= tcp
  44. add action=drop chain=tcp-virus comment=Backdoor.Devil disabled=no log=yes dst-port=901-902 protocol=tcp
  45. add action=drop chain=tcp-virus comment="Dark Shadow" disabled=no log=yes dst-port= 911 protocol=tcp
  46. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 999-1001 protocol=tcp
  47. add action=drop chain=tcp-virus comment="Doly Trojan" disabled=no log=yes dst-port= 1011-1016 protocol=tcp
  48. add action=drop chain=tcp-virus comment=Vampire disabled=no log=yes dst-port=1020 protocol=tcp
  49. add action=drop chain=tcp-virus comment=Backdoor.lingosky disabled=no log=yes dst-port=1024-1025 protocol=tcp
  50. add action=drop chain=tcp-virus comment="NetSpy, Multidropper" disabled=no log=yes dst-port=1033-1035 protocol=tcp
  51. add action=drop chain=tcp-virus comment=Bla disabled=no log=yes dst-port=1042 protocol=tcp
  52. add action=drop chain=tcp-virus comment=Rasmin disabled=no log=yes dst-port=1045 protocol=tcp
  53. add action=drop chain=tcp-virus comment="/sbin/initd - MiniCommand" disabled=no log=yes dst-port=1049-1050 protocol=tcp
  54. add action=drop chain=tcp-virus comment="The Thief, AckCmd" disabled=no log=yes dst-port=1053-1054 protocol=tcp
  55. add action=drop chain=tcp-virus comment="Backdoor.Zagaban, WinHole" disabled=no log=yes dst-port=1080-1083 protocol=tcp
  56. add action=drop chain=tcp-virus comment=Xtreme disabled=no log=yes dst-port=1090 protocol=tcp
  57. add action=drop chain=tcp-virus comment="RAT, Blood Ft Evoltion" disabled=no log=yes dst-port=1095-1099 protocol=tcp
  58. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1111 protocol=tcp
  59. add action=drop chain=tcp-virus comment=Orion disabled=no log=yes dst-port= 1150-1151 protocol=tcp
  60. add action=drop chain=tcp-virus comment="Psyber Stream Server" disabled=no log=yes dst-port=1170 protocol=tcp
  61. add action=drop chain=tcp-virus comment=SoftWAR,Infector disabled=no log=yes dst-port=1207-1208 protocol=tcp
  62. add action=drop chain=tcp-virus comment=Kaos disabled=no log=yes dst-port=1212 protocol=tcp
  63. add action=drop chain=tcp-virus comment=Backdoor.Sazo disabled=no log=yes dst-port= 1218 protocol=tcp
  64. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1234 protocol=tcp
  65. add action=drop chain=tcp-virus comment="Sub Seven" disabled=no log=yes dst-port= 1243 protocol=tcp
  66. add action=drop chain=tcp-virus comment="VooDoo Doll" disabled=no log=yes dst-port= 1245 protocol=tcp
  67. add action=drop chain=tcp-virus comment="Scarab, Project next" disabled=no log=yes dst-port=1255-1256 protocol=tcp
  68. add action=drop chain=tcp-virus comment="Maverick's Matrix" disabled=no log=yes dst-port=1269 protocol=tcp
  69. add action=drop chain=tcp-virus comment="The Matrix" disabled=no log=yes dst-port= 1272 protocol=tcp
  70. add action=drop chain=tcp-virus comment=NETrojan disabled=no log=yes dst-port=1313 protocol=tcp
  71. add action=drop chain=tcp-virus comment="Millenium Worm" disabled=no log=yes dst-port=1338 protocol=tcp
  72. add action=drop chain=tcp-virus comment="Bo dll" disabled=no log=yes dst-port=1349 protocol=tcp
  73. add action=drop chain=tcp-virus comment="GoFriller, Backdoor G-1" disabled= no log=yes dst-port=1394 protocol=tcp
  74. add action=drop chain=tcp-virus comment="remote Storm" disabled=no log=yes dst-port=1441 protocol=tcp
  75. add action=drop chain=tcp-virus comment=FTP99CMP disabled=no log=yes dst-port=1492 protocol=tcp
  76. add action=drop chain=tcp-virus comment="FunkProxy " disabled=no log=yes dst-port= 1505 protocol=tcp
  77. add action=drop chain=tcp-virus comment="Psyber Streaming server" disabled= no log=yes dst-port=1509 protocol=tcp
  78. add action=drop chain=tcp-virus comment=Trino log=yeso disabled=no log=yes dst-port=1524 protocol=tcp
  79. add action=drop chain=tcp-virus comment="Remote Hack" disabled=no log=yes dst-port= 1568 protocol=tcp
  80. add action=drop chain=tcp-virus comment="Backdoor.Miffice, Bize.Worm" disabled=no log=yes dst-port=1533-1534 protocol=tcp
  81. add action=drop chain=tcp-virus comment="Shivka-Burka, Direct Connection" disabled=no log=yes dst-port=1600 protocol=tcp
  82. add action=drop chain=tcp-virus comment="ICA Browser" disabled=no log=yes dst-port= 1604 protocol=tcp
  83. add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=1703 protocol=tcp
  84. add action=drop chain=tcp-virus comment=Scarab disabled=no log=yes dst-port=1777 protocol=tcp
  85. add action=drop chain=tcp-virus comment=Loxbot.d disabled=no log=yes dst-port=1751 protocol=tcp
  86. add action=drop chain=tcp-virus comment=Backdoor.NetControle disabled=no log=yes dst-port=1772 protocol=tcp
  87. add action=drop chain=tcp-virus comment=SpySender disabled=no log=yes dst-port=1807 protocol=tcp
  88. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1863 protocol=tcp
  89. add action=drop chain=tcp-virus comment="Fake FTP. WM FTP Server" disabled= no log=yes dst-port=1966-1967 protocol=tcp
  90. add action=drop chain=tcp-virus comment="Shockrave, Bowl" disabled=no log=yes dst-port=1981 protocol=tcp
  91. add action=drop chain=tcp-virus comment="OpC BO" disabled=no log=yes dst-port=1969 protocol=tcp
  92. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 1999-2005 protocol=tcp
  93. add action=drop chain=tcp-virus comment=Ripper disabled=no log=yes dst-port=2023 protocol=tcp
  94. add action=drop chain=tcp-virus comment=W32.korgo.a disabled=no log=yes dst-port= 2041 protocol=tcp
  95. add action=drop chain=tcp-virus comment="Backdoor.TJServ - WinHole" disabled=no log=yes dst-port=2080 protocol=tcp
  96. add action=drop chain=tcp-virus comment=Backdoor.Expjan disabled=no log=yes dst-port=2090 protocol=tcp
  97. add action=drop chain=tcp-virus comment=Bugs disabled=no log=yes dst-port=2115 protocol=tcp
  98. add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port= 2140 protocol=tcp
  99. add action=drop chain=tcp-virus comment="Illusion Mailer" disabled=no log=yes dst-port=2155 protocol=tcp
  100. add action=drop chain=tcp-virus comment=Nirvana disabled=no log=yes dst-port=2255 protocol=tcp
  101. add action=drop chain=tcp-virus comment="Hvl RAT, Dumaru" disabled=no log=yes dst-port=2283 protocol=tcp
  102. add action=drop chain=tcp-virus comment=Xplorer disabled=no log=yes dst-port=2300 protocol=tcp
  103. add action=drop chain=tcp-virus comment="Studio 54" disabled=no log=yes dst-port= 2311 protocol=tcp
  104. add action=drop chain=tcp-virus comment=backdoor.shellbot disabled=no log=yes dst-port=2322 protocol=tcp
  105. add action=drop chain=tcp-virus comment= "backdoor.shellbot, Eyeveg.worm.c, contact" disabled=no log=yes dst-port= 2330-2339 protocol=tcp
  106. add action=drop chain=tcp-virus comment=vbs.shania disabled=no log=yes dst-port= 2414 protocol=tcp
  107. add action=drop chain=tcp-virus comment=Beagle.N disabled=no log=yes dst-port=2556 protocol=tcp
  108. add action=drop chain=tcp-virus comment=Striker disabled=no log=yes dst-port=2565 protocol=tcp
  109. add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=2583 protocol=tcp
  110. add action=drop chain=tcp-virus comment="The Prayer 1.2 -1.3" disabled=no log=yes dst-port=2716 protocol=tcp
  111. add action=drop chain=tcp-virus comment="Phase Zero" disabled=no log=yes dst-port= 2721 protocol=tcp
  112. add action=drop chain=tcp-virus comment=Beagle.J disabled=no log=yes dst-port=2745 protocol=tcp
  113. add action=drop chain=tcp-virus comment=W32.hllw.deadhat.b disabled=no log=yes dst-port=2766 protocol=tcp
  114. add action=drop chain=tcp-virus comment=SubSeven disabled=no log=yes dst-port= 2773-2774 protocol=tcp
  115. add action=drop chain=tcp-virus comment="Phineas Phucker" disabled=no log=yes dst-port=2801 protocol=tcp
  116. add action=drop chain=tcp-virus comment=Backdoor.Brador.A disabled=no log=yes dst-port=2989 protocol=tcp
  117. add action=drop chain=tcp-virus comment="Remote Shut" disabled=no log=yes dst-port= 3000 protocol=tcp
  118. add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=3024 protocol=tcp
  119. add action=drop chain=tcp-virus comment=Backdoor.Wortbot disabled=no log=yes dst-port=3028 protocol=tcp
  120. add action=drop chain=tcp-virus comment="W32.Mytob.cz@mm, MicroSpy" disabled=no log=yes dst-port=3030-3031 protocol=tcp
  121. add action=drop chain=tcp-virus comment=W32.korgo.a disabled=no log=yes dst-port= 3067 protocol=tcp
  122. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 3127-3198 protocol=tcp
  123. add action=drop chain=tcp-virus comment=W32.HLLW.Dax disabled=no log=yes dst-port= 3256 protocol=tcp
  124. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 3332 protocol=tcp
  125. add action=drop chain=tcp-virus comment=w32.Mytob.kp@MM disabled=no log=yes dst-port=3385 protocol=tcp
  126. add action=drop chain=tcp-virus comment=W32.mockbot.a.worm disabled=no log=yes dst-port=3410 protocol=tcp
  127. add action=drop chain=tcp-virus comment="Backdoor.Fearic, Terror Trojan" disabled=no log=yes dst-port=3456 protocol=tcp
  128. add action=drop chain=tcp-virus comment="Eclipse 2000" disabled=no log=yes dst-port=3459 protocol=tcp
  129. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=3547 protocol=tcp
  130. add action=drop chain=tcp-virus comment="Portal of Doom" disabled=no log=yes dst-port=3700 protocol=tcp
  131. add action=drop chain=tcp-virus comment=Backdoor.helios disabled=no log=yes dst-port=3737 protocol=tcp
  132. add action=drop chain=tcp-virus comment=PsychWard disabled=no log=yes dst-port=3777 protocol=tcp
  133. add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=3791 protocol=tcp
  134. add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=3801 protocol=tcp
  135. add action=drop chain=tcp-virus comment=SkyDance,Backdoor.OptixPro.13.C disabled=no log=yes dst-port=4000-4001 protocol=tcp
  136. add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=4092 protocol=tcp
  137. add action=drop chain=tcp-virus comment=Backdoor.rcserv disabled=no log=yes dst-port=4128 protocol=tcp
  138. add action=drop chain=tcp-virus comment= "Backdoor.Nemog.D - Virtual Hacking Machine" disabled=no log=yes dst-port=4242 protocol=tcp
  139. add action=drop chain=tcp-virus comment=Backdoor.smokodoor disabled=no log=yes dst-port=4300 protocol=tcp
  140. add action=drop chain=tcp-virus comment=BoBo disabled=no log=yes dst-port=4321 protocol=tcp
  141. add action=drop chain=tcp-virus comment=Phatbot disabled=no log=yes dst-port=4387 protocol=tcp
  142. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 4444 protocol=tcp
  143. add action=drop chain=tcp-virus comment=W32.mytob.db disabled=no log=yes dst-port= 4512 protocol=tcp
  144. add action=drop chain=tcp-virus comment="File Nail" disabled=no log=yes dst-port= 4567 protocol=tcp
  145. add action=drop chain=tcp-virus comment="ICQ Trojan" disabled=no log=yes dst-port= 4590 protocol=tcp
  146. add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=4646 protocol=tcp
  147. add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=4661 protocol=tcp
  148. add action=drop chain=tcp-virus comment=Beagle.U disabled=no log=yes dst-port=4751 protocol=tcp
  149. add action=drop chain=tcp-virus comment=Backdoor.tuxder disabled=no log=yes dst-port=4820 protocol=tcp
  150. add action=drop chain=tcp-virus comment=W32.Opanki disabled=no log=yes dst-port= 4888 protocol=tcp
  151. add action=drop chain=tcp-virus comment=W32.RaHack disabled=no log=yes dst-port= 4899 protocol=tcp
  152. add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=4903 protocol= tcp
  153. add action=drop chain=tcp-virus comment="ICQ Trogen" disabled=no log=yes dst-port= 4950 protocol=tcp
  154. add action=drop chain=tcp-virus comment="Sokets de Trois v1./Bubbel, cd00r" disabled=no log=yes dst-port=5000-5002 protocol=tcp
  155. add action=drop chain=tcp-virus comment=Solo,Ootlt disabled=no log=yes dst-port= 5010-5011 protocol=tcp
  156. add action=drop chain=tcp-virus comment="WM Remote Keylogger" disabled=no log=yes dst-port=5025 protocol=tcp
  157. add action=drop chain=tcp-virus comment="Net Metropolitan 1.0" disabled=no log=yes dst-port=5031-5032 protocol=tcp
  158. add action=drop chain=tcp-virus comment=Backdoor.laphex.client disabled=no log=yes dst-port=5152 protocol=tcp
  159. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 5190 protocol=tcp
  160. add action=drop chain=tcp-virus comment=Firehotcker disabled=no log=yes dst-port= 5321 protocol=tcp
  161. add action=drop chain=tcp-virus comment=Baackage,NetDemon disabled=no log=yes dst-port=5333 protocol=tcp
  162. add action=drop chain=tcp-virus comment="WC Remote Administration Tool" disabled=no log=yes dst-port=5343 protocol=tcp
  163. add action=drop chain=tcp-virus comment="Blade Runner" disabled=no log=yes dst-port=5400-5402 protocol=tcp
  164. add action=drop chain=tcp-virus comment= "Backdoor.DarkSky.B, Backconstruction" disabled=no log=yes dst-port=5418-5419 protocol=tcp
  165. add action=drop chain=tcp-virus comment="Xtcp, Illusion Mailer" disabled=no log=yes dst-port=5512 protocol=tcp
  166. add action=drop chain=tcp-virus comment="The Flu" disabled=no log=yes dst-port=5534 protocol=tcp
  167. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port " disabled=no log=yes dst-port=5550-5558 protocol=tcp
  168. add action=drop chain=tcp-virus comment=Robo-Hack disabled=no log=yes dst-port=5569 protocol=tcp
  169. add action=drop chain=tcp-virus comment=Backdoor.EasyServ disabled=no log=yes dst-port=5588 protocol=tcp
  170. add action=drop chain=tcp-virus comment="PC Crasher" disabled=no log=yes dst-port= 5637-5638 protocol=tcp
  171. add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port=5714 protocol=tcp
  172. add action=drop chain=tcp-virus comment=WinCrash disabled=no log=yes dst-port= 5741-5742 protocol=tcp
  173. add action=drop chain=tcp-virus comment="Portmap Remote Root Linux Exploit" disabled=no log=yes dst-port=5760 protocol=tcp
  174. add action=drop chain=tcp-virus comment=Backdoor.Evivinc disabled=no log=yes dst-port=5800 protocol=tcp
  175. add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5880 protocol=tcp
  176. add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5882 protocol=tcp
  177. add action=drop chain=tcp-virus comment="Y3K RAT" disabled=no log=yes dst-port= 5888-5889 protocol=tcp
  178. add action=drop chain=tcp-virus comment=LovGate.ak disabled=no log=yes dst-port= 6000 protocol=tcp
  179. add action=drop chain=tcp-virus comment="Bad Blood" disabled=no log=yes dst-port= 6006 protocol=tcp
  180. add action=drop chain=tcp-virus comment=W32.mockbot.a.worm disabled=no log=yes dst-port=6129 protocol=tcp
  181. add action=drop chain=tcp-virus comment= "Common Port for phishing scam sit" disabled=no log=yes dst-port=6180 protocol= tcp
  182. add action=drop chain=tcp-virus comment=Trojan.Tilser disabled=no log=yes dst-port= 6187 protocol=tcp
  183. add action=drop chain=tcp-virus comment="Secret Service" disabled=no log=yes dst-port=6272 protocol=tcp
  184. add action=drop chain=tcp-virus comment="The Thing" disabled=no log=yes dst-port= 6400 protocol=tcp
  185. add action=drop chain=tcp-virus comment=Backdoor.Nemog.D disabled=no log=yes dst-port=6565 protocol=tcp
  186. add action=drop chain=tcp-virus comment=backdoor.sdbot.ag disabled=no log=yes dst-port=6631 protocol=tcp
  187. add action=drop chain=tcp-virus comment="TEMan, Weia-Meia" disabled=no log=yes dst-port=6661 protocol=tcp
  188. add action=drop chain=tcp-virus comment= "Netbus Worm, winSATAN, Dark FTP, Schedule Agent" disabled=no log=yes dst-port= 6666-6667 protocol=tcp
  189. add action=drop chain=tcp-virus comment="Vampyre, Deep Throat" disabled=no log=yes dst-port=6669-6671 protocol=tcp
  190. add action=drop chain=tcp-virus comment="Sub Seven, Backdoor.G" disabled=no log=yes dst-port=6711-6713 protocol=tcp
  191. add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=6723 protocol=tcp
  192. add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port= 6771 protocol=tcp
  193. add action=drop chain=tcp-virus comment= "Sub Seven, Backdoor.G, W32/Bagle@MM" disabled=no log=yes dst-port=6776-6777 protocol=tcp
  194. add action=drop chain=tcp-virus comment=NetSky.U disabled=no log=yes dst-port=6789 protocol=tcp
  195. add action=drop chain=tcp-virus comment="Delta source DarkStar" disabled=no log=yes dst-port=6883 protocol=tcp
  196. add action=drop chain=tcp-virus comment="Shxt Heap " disabled=no log=yes dst-port= 6912 protocol=tcp
  197. add action=drop chain=tcp-virus comment=Indoctrination disabled=no log=yes dst-port=6939 protocol=tcp
  198. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 6969 protocol=tcp
  199. add action=drop chain=tcp-virus comment="Gate Crasher" disabled=no log=yes dst-port=6970 protocol=tcp
  200. add action=drop chain=tcp-virus comment="w32.mytob.mx@mm, Remote Grab, explo it translation server, kazimas, remote grab" disabled=no log=yes dst-port= 7000-7001 protocol=tcp
  201. add action=drop chain=tcp-virus comment="Unkno log=yeswn Trojan" disabled=no log=yes dst-port=7028 protocol=tcp
  202. add action=drop chain=tcp-virus comment=W32.Spybot.ycl disabled=no log=yes dst-port=7043 protocol=tcp
  203. add action=drop chain=tcp-virus comment=SubSeven disabled=no log=yes dst-port=7215 protocol=tcp
  204. add action=drop chain=tcp-virus comment="Net Monitor" disabled=no log=yes dst-port= 7300-7308 protocol=tcp
  205. add action=drop chain=tcp-virus comment=Backdoor.netshadow disabled=no log=yes dst-port=7329 protocol=tcp
  206. add action=drop chain=tcp-virus comment=Backdoor.phoenix disabled=no log=yes dst-port=7410 protocol=tcp
  207. add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=7424 protocol=tcp
  208. add action=drop chain=tcp-virus comment="QaZ -Remote Accs Trojan" disabled=no log=yes dst-port=7597 protocol=tcp
  209. add action=drop chain=tcp-virus comment=Backdoor.GRM disabled=no log=yes dst-port= 7614 protocol=tcp
  210. add action=drop chain=tcp-virus comment=Glacier disabled=no log=yes dst-port=7626 protocol=tcp
  211. add action=drop chain=tcp-virus comment=backdoor.no log=yesdelm disabled=no log=yes dst-port=7740-7749 protocol=tcp
  212. add action=drop chain=tcp-virus comment="GodMsaage, Tini" disabled=no log=yes dst-port=7777 protocol=tcp
  213. add action=drop chain=tcp-virus comment=ICKiller disabled=no log=yes dst-port=7789 protocol=tcp
  214. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=7823 protocol=tcp
  215. add action=drop chain=tcp-virus comment="The ReVeNgEr" disabled=no log=yes dst-port=7891 protocol=tcp
  216. add action=drop chain=tcp-virus comment=W32.kibuv.b disabled=no log=yes dst-port= 7955 protocol=tcp
  217. add action=drop chain=tcp-virus comment=Mstream disabled=no log=yes dst-port=7983 protocol=tcp
  218. add action=drop chain=tcp-virus comment=w32.mytob.lz@mm disabled=no log=yes dst-port=7999-8000 protocol=tcp
  219. add action=drop chain=tcp-virus comment=Backdoor.Ptakks.b disabled=no log=yes dst-port=8012 protocol=tcp
  220. add action=drop chain=tcp-virus comment="W32.Spybot.pen " disabled=no log=yes dst-port=8076 protocol=tcp
  221. add action=drop chain=tcp-virus comment=Backdoor.Asniffer disabled=no log=yes dst-port=8090 protocol=tcp
  222. add action=drop chain=tcp-virus comment=W32.PejayBot disabled=no log=yes dst-port= 8126 protocol=tcp
  223. add action=drop chain=tcp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8787 protocol=tcp
  224. add action=drop chain=tcp-virus comment=Backdoor.Monator disabled=no log=yes dst-port=8811 protocol=tcp
  225. add action=drop chain=tcp-virus comment=Beagle.B@mm disabled=no log=yes dst-port= 8866 protocol=tcp
  226. add action=drop chain=tcp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8879 protocol=tcp
  227. add action=drop chain=tcp-virus comment=W32.Axatak disabled=no log=yes dst-port= 8888-8889 protocol=tcp
  228. add action=drop chain=tcp-virus comment="BackHack - Rcon, Recon, Xcon" disabled=no log=yes dst-port=8988-8989 protocol=tcp
  229. add action=drop chain=tcp-virus comment="W32.randex.ccf - netministrator" disabled=no log=yes dst-port=9000 protocol=tcp
  230. add action=drop chain=tcp-virus comment=Backdoor.nibu.k disabled=no log=yes dst-port=9125 protocol=tcp
  231. add action=drop chain=tcp-virus comment=InCommand disabled=no log=yes dst-port=9400 protocol=tcp
  232. add action=drop chain=tcp-virus comment=W32.kibuv.worm disabled=no log=yes dst-port=9604 protocol=tcp
  233. add action=drop chain=tcp-virus comment=Backdoor.gholame disabled=no log=yes dst-port=9696-9697 protocol=tcp
  234. add action=drop chain=tcp-virus comment="BackDoor.RC3.B, Portal of Doom" disabled=no log=yes dst-port=9872-9878 protocol=tcp
  235. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 9898-10002 protocol=tcp
  236. add action=drop chain=tcp-virus comment=iNi-Killer disabled=no log=yes dst-port= 9989 protocol=tcp
  237. add action=drop chain=tcp-virus comment="W.32.Sasser Worm" disabled=no log=yes dst-port=9996 protocol=tcp
  238. add action=drop chain=tcp-virus comment="The Prayer" disabled=no log=yes dst-port= 9999 protocol=tcp
  239. add action=drop chain=tcp-virus comment=OpwinTRojan disabled=no log=yes dst-port= 10005 protocol=tcp
  240. add action=drop chain=tcp-virus comment="Chee worm" disabled=no log=yes dst-port= 10008 protocol=tcp
  241. add action=drop chain=tcp-virus comment=w32.mytob.jw@mm disabled=no log=yes dst-port=10027 protocol=tcp
  242. add action=drop chain=tcp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10067 protocol=tcp
  243. add action=drop chain=tcp-virus comment=Mydoom.B disabled=no log=yes dst-port=10080 protocol=tcp
  244. add action=drop chain=tcp-virus comment="backdoor.ranky.o, backdoor.staprew, backdoor.tuimer, gift trojan, brainspy, silencer" disabled=no log=yes dst-port= 10100-10103 protocol=tcp
  245. add action=drop chain=tcp-virus comment="Acid Shivers" disabled=no log=yes dst-port=10520 protocol=tcp
  246. add action=drop chain=tcp-virus comment=Coma disabled=no log=yes dst-port=10607 protocol=tcp
  247. add action=drop chain=tcp-virus comment=Ambush disabled=no log=yes dst-port=10666 protocol=tcp
  248. add action=drop chain=tcp-virus comment="Senna Spy" disabled=no log=yes dst-port= 11000 protocol=tcp
  249. add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=11050-11051 protocol=tcp
  250. add action=drop chain=tcp-virus comment="Progenic Trojan - Secret Agent" disabled=no log=yes dst-port=11223 protocol=tcp
  251. add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" disabled= no log=yes dst-port=11768 protocol=tcp
  252. add action=drop chain=tcp-virus comment="Latinus Server" disabled=no log=yes dst-port=11831 protocol=tcp
  253. add action=drop chain=tcp-virus comment=Backdoor.Satancrew disabled=no log=yes dst-port=12000 protocol=tcp
  254. add action=drop chain=tcp-virus comment=Backdoor.Berbew.j disabled=no log=yes dst-port=12065 protocol=tcp
  255. add action=drop chain=tcp-virus comment=GJamer disabled=no log=yes dst-port=12076 protocol=tcp
  256. add action=drop chain=tcp-virus comment="Hack'99, KeyLogger" disabled=no log=yes dst-port=12223 protocol=tcp
  257. add action=drop chain=tcp-virus comment="Netbus, Ultor's Trojan" disabled= no log=yes dst-port=12345-12346 protocol=tcp
  258. add action=drop chain=tcp-virus comment=Whack-a-Mole disabled=no log=yes dst-port= 12361-12363 protocol=tcp
  259. add action=drop chain=tcp-virus comment=NetBus disabled=no log=yes dst-port=12456 protocol=tcp
  260. add action=drop chain=tcp-virus comment="Whack Job" disabled=no log=yes dst-port= 12631 protocol=tcp
  261. add action=drop chain=tcp-virus comment="Eclypse 2000" disabled=no log=yes dst-port=12701 protocol=tcp
  262. add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=12754 protocol=tcp
  263. add action=drop chain=tcp-virus comment="Senna Spy" disabled=no log=yes dst-port= 13000 protocol=tcp
  264. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=13173 protocol=tcp
  265. add action=drop chain=tcp-virus comment=W32.Sober.D disabled=no log=yes dst-port= 13468 protocol=tcp
  266. add action=drop chain=tcp-virus comment="Kuang2 the Virus" disabled=no log=yes dst-port=13700 protocol=tcp
  267. add action=drop chain=tcp-virus comment=Trojan.Mitglieder.h disabled=no log=yes dst-port=14247 protocol=tcp
  268. add action=drop chain=tcp-virus comment="Mstream attack-handler" disabled= no log=yes dst-port=15104 protocol=tcp
  269. add action=drop chain=tcp-virus comment="Dipnet / oddBob Trojan" disabled= no log=yes dst-port=15118 protocol=tcp
  270. add action=drop chain=tcp-virus comment=Backdoor.Cyn disabled=no log=yes dst-port= 15432 protocol=tcp
  271. add action=drop chain=tcp-virus comment=Backdoor.Lastdoor disabled=no log=yes dst-port=16322 protocol=tcp
  272. add action=drop chain=tcp-virus comment=Mosucker disabled=no log=yes dst-port=16484 protocol=tcp
  273. add action=drop chain=tcp-virus comment="Backdoor.Haxdoor.D - Stacheldraht" disabled=no log=yes dst-port=16660-16661 protocol=tcp
  274. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 16959 protocol=tcp
  275. add action=drop chain=tcp-virus comment="Kuang2.B Trojan" disabled=no log=yes dst-port=17300 protocol=tcp
  276. add action=drop chain=tcp-virus comment=W32.Imav.a disabled=no log=yes dst-port= 17940 protocol=tcp
  277. add action=drop chain=tcp-virus comment=Backdoor.Gaster disabled=no log=yes dst-port=19937 protocol=tcp
  278. add action=drop chain=tcp-virus comment="Millennium - AcidkoR" disabled=no log=yes dst-port=20001-20002 protocol=tcp
  279. add action=drop chain=tcp-virus comment="NetBus 2 Pro" disabled=no log=yes dst-port=20034 protocol=tcp
  280. add action=drop chain=tcp-virus comment=Chupacabra disabled=no log=yes dst-port= 20203 protocol=tcp
  281. add action=drop chain=tcp-virus comment="Bla Trojan" disabled=no log=yes dst-port= 20331 protocol=tcp
  282. add action=drop chain=tcp-virus comment="Shaft Client to handlers" disabled=no log=yes dst-port=20432-20433 protocol=tcp
  283. add action=drop chain=tcp-virus comment=Trojan.Adnap disabled=no log=yes dst-port= 20480 protocol=tcp
  284. add action=drop chain=tcp-virus comment=Trojan.Mitglieder.E disabled=no log=yes dst-port=20742 protocol=tcp
  285. add action=drop chain=tcp-virus comment=W32.dasher.b disabled=no log=yes dst-port= 21211 protocol=tcp
  286. add action=drop chain=tcp-virus comment= "Exploiter - Kid Terror - Schwndler - Winsp00fer" disabled=no log=yes dst-port= 21554 protocol=tcp
  287. add action=drop chain=tcp-virus comment= "Prosiak - Ruler - Donald Dick - RUX The TIc.K" disabled=no log=yes dst-port= 22222 protocol=tcp
  288. add action=drop chain=tcp-virus comment=Backdoor.Simali disabled=no log=yes dst-port=22311 protocol=tcp
  289. add action=drop chain=tcp-virus comment=Backdoor-ADM disabled=no log=yes dst-port= 22784 protocol=tcp
  290. add action=drop chain=tcp-virus comment=W32.hllw.nettrash disabled=no log=yes dst-port=23005-23006 protocol=tcp
  291. add action=drop chain=tcp-virus comment=backdoor.berbew.j disabled=no log=yes dst-port=23232 protocol=tcp
  292. add action=drop chain=tcp-virus comment=Trojan.Framar disabled=no log=yes dst-port= 23435 protocol=tcp
  293. add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port= 23476-23477 protocol=tcp
  294. add action=drop chain=tcp-virus comment=w32.mytob.km@mm disabled=no log=yes dst-port=23523 protocol=tcp
  295. add action=drop chain=tcp-virus comment="Delta Source" disabled=no log=yes dst-port=26274 protocol=tcp
  296. add action=drop chain=tcp-virus comment=Backdoor.optix.04 disabled=no log=yes dst-port=27379 protocol=tcp
  297. add action=drop chain=tcp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port= 27573 protocol=tcp
  298. add action=drop chain=tcp-virus comment="Trin00 DoS Attack" disabled=no log=yes dst-port=27665 protocol=tcp
  299. add action=drop chain=tcp-virus comment=Backdoor.Sdbot.ai disabled=no log=yes dst-port=29147 protocol=tcp
  300. add action=drop chain=tcp-virus comment=Backdoor.NTHack disabled=no log=yes dst-port=29292 protocol=tcp
  301. add action=drop chain=tcp-virus comment="Latinus Server" disabled=no log=yes dst-port=29559 protocol=tcp
  302. add action=drop chain=tcp-virus comment="The Unexplained" disabled=no log=yes dst-port=29891 protocol=tcp
  303. add action=drop chain=tcp-virus comment=Backdoor.Antilam.20 disabled=no log=yes dst-port=29999 protocol=tcp
  304. add action=drop chain=tcp-virus comment="AOL Trojan" disabled=no log=yes dst-port= 30029 protocol=tcp
  305. add action=drop chain=tcp-virus comment=NetSphere disabled=no log=yes dst-port= 30100-30103 protocol=tcp
  306. add action=drop chain=tcp-virus comment="NetSphere Final" disabled=no log=yes dst-port=30133 protocol=tcp
  307. add action=drop chain=tcp-virus comment="Sockets de Troi" disabled=no log=yes dst-port=30303 protocol=tcp
  308. add action=drop chain=tcp-virus comment=Kuang2 disabled=no log=yes dst-port=30999 protocol=tcp
  309. add action=drop chain=tcp-virus comment= "More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port= 31335-31339 protocol=tcp
  310. add action=drop chain=tcp-virus comment=BOWhack disabled=no log=yes dst-port=31666 protocol=tcp
  311. add action=drop chain=tcp-virus comment="Hack'a'Tack" disabled=no log=yes dst-port= 31785-31792 protocol=tcp
  312. add action=drop chain=tcp-virus comment=backdoor.berbew.j disabled=no log=yes dst-port=32121 protocol=tcp
  313. add action=drop chain=tcp-virus comment="Acid Battery" disabled=no log=yes dst-port=32418 protocol=tcp
  314. add action=drop chain=tcp-virus comment=Backdoor.Alets.B disabled=no log=yes dst-port=32440 protocol=tcp
  315. add action=drop chain=tcp-virus comment="Trinity Trojan" disabled=no log=yes dst-port=33270 protocol=tcp
  316. add action=drop chain=tcp-virus comment=trojan.lodeight.b disabled=no log=yes dst-port=33322 protocol=tcp
  317. add action=drop chain=tcp-virus comment=Prosiak disabled=no log=yes dst-port=33333 protocol=tcp
  318. add action=drop chain=tcp-virus comment="Spirit 2001 a" disabled=no log=yes dst-port=33911 protocol=tcp
  319. add action=drop chain=tcp-virus comment="BigGluck, TN" disabled=no log=yes dst-port=34324 protocol=tcp
  320. add action=drop chain=tcp-virus comment=Backdoor.Lifefourno log=yesw disabled=no log=yes dst-port=36183 protocol=tcp
  321. add action=drop chain=tcp-virus comment="Yet Ano log=yesther Trojan" disabled=no log=yes dst-port=37651 protocol=tcp
  322. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=39999 protocol=tcp
  323. add action=drop chain=tcp-virus comment="The Spy" disabled=no log=yes dst-port=40412 protocol=tcp
  324. add action=drop chain=tcp-virus comment="Agent 40421 - Masters Paradise" disabled=no log=yes dst-port=40421-40426 protocol=tcp
  325. add action=drop chain=tcp-virus comment="Master's Paradise" disabled=no log=yes dst-port=43210 protocol=tcp
  326. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=44280 protocol=tcp
  327. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=44390 protocol=tcp
  328. add action=drop chain=tcp-virus comment="Delta Source" disabled=no log=yes dst-port=47252 protocol=tcp
  329. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=47387 protocol=tcp
  330. add action=drop chain=tcp-virus comment=Backdoor.antilam.20 disabled=no log=yes dst-port=47891 protocol=tcp
  331. add action=drop chain=tcp-virus comment="Sokets de Trois v2." disabled=no log=yes dst-port=50505 protocol=tcp
  332. add action=drop chain=tcp-virus comment=Fore disabled=no log=yes dst-port=50776 protocol=tcp
  333. add action=drop chain=tcp-virus comment=Backdoor.Cyn disabled=no log=yes dst-port=51234 protocol=tcp
  334. add action=drop chain=tcp-virus comment=W32.kalel.a@mm disabled=no log=yes dst-port=51435 protocol=tcp
  335. add action=drop chain=tcp-virus comment="Remote Windows Shutdown" disabled= no log=yes dst-port=53001 protocol=tcp
  336. add action=drop chain=tcp-virus comment="subSeven -Subseven 2.1 Gold" disabled=no log=yes dst-port=54283 protocol=tcp
  337. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port " disabled=no log=yes dst-port=54320-54321 protocol=tcp
  338. add action=drop chain=tcp-virus comment="WM Trojan Generator - File manager Trojan" disabled=no log=yes dst-port=55165-55166 protocol=tcp
  339. add action=drop chain=tcp-virus comment=Backdoor.Osirdoor disabled=no log=yes dst-port=56565 protocol=tcp
  340. add action=drop chain=tcp-virus comment="NetRaider Trojan" disabled=no log=yes dst-port=57341 protocol=tcp
  341. add action=drop chain=tcp-virus comment=BackDoor.Tron disabled=no log=yes dst-port=58008-58009 protocol=tcp
  342. add action=drop chain=tcp-virus comment="Butt Funnel" disabled=no log=yes dst-port=58339 protocol=tcp
  343. add action=drop chain=tcp-virus comment=BackDoor.Redkod disabled=no log=yes dst-port=58666 protocol=tcp
  344. add action=drop chain=tcp-virus comment=BackDoor.DuckToy disabled=no log=yes dst-port=59211 protocol=tcp
  345. add action=drop chain=tcp-virus comment="Deep Throat" disabled=no log=yes dst-port=60000 protocol=tcp
  346. add action=drop chain=tcp-virus comment=Trinity disabled=no log=yes dst-port=60001 protocol=tcp
  347. add action=drop chain=tcp-virus comment=Trojan.Fulamer.25 disabled=no log=yes dst-port=60006 protocol=tcp
  348. add action=drop chain=tcp-virus comment="Xzip 6000068" disabled=no log=yes dst-port=60068 protocol=tcp
  349. add action=drop chain=tcp-virus comment=Connection disabled=no log=yes dst-port=60411 protocol=tcp
  350. add action=drop chain=tcp-virus comment=Backdoor.mite disabled=no log=yes dst-port=61000 protocol=tcp
  351. add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=61348 protocol=tcp
  352. add action=drop chain=tcp-virus comment=Telecommando disabled=no log=yes dst-port=61466 protocol=tcp
  353. add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=61603 protocol=tcp
  354. add action=drop chain=tcp-virus comment="Bunker-Hill Trojan" disabled=no log=yes dst-port=63485 protocol=tcp
  355. add action=drop chain=tcp-virus comment="Phatbot, W32.hllw.gaobot.dk" disabled=no log=yes dst-port=63808-63809 protocol=tcp
  356. add action=drop chain=tcp-virus comment=Taskmin disabled=no log=yes dst-port=64101 protocol=tcp
  357. add action=drop chain=tcp-virus comment=Backdoor.Amitis.B disabled=no log=yes dst-port=64429 protocol=tcp
  358. add action=drop chain=tcp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=65000 protocol=tcp
  359. add action=drop chain=tcp-virus comment=Eclypse disabled=no log=yes dst-port=65390 protocol=tcp
  360. add action=drop chain=tcp-virus comment=Jade disabled=no log=yes dst-port=65421 protocol=tcp
  361. add action=drop chain=tcp-virus comment="The Traitor (th3tr41t0r)" disabled=no log=yes dst-port=65432 protocol=tcp
  362. add action=drop chain=tcp-virus comment=Phatbot disabled=no log=yes dst-port=65506 protocol=tcp
  363. add action=drop chain=tcp-virus comment=/sbin/init disabled=no log=yes dst-port=65534 protocol=tcp
  364. add action=drop chain=tcp-virus comment="Adore Worm/Linux - RC1 Trojan" disabled=no log=yes dst-port=65535 protocol=tcp
  365. add action=drop chain=tcp-virus comment=Cafeini disabled=no log=yes dst-port=51966 protocol=tcp
  366. add action=drop chain=tcp-virus comment="Acid baterry 2000" disabled=no log=yes dst-port=52317 protocol=tcp
  367. add action=drop chain=tcp-virus comment=Enterprise disabled=no log=yes dst-port=50130 protocol=tcp
  368. add action=drop chain=tcp-virus comment="Online Keylogger" disabled=no log=yes dst-port=49301 protocol=tcp
  369. add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=44575 protocol=tcp
  370. add action=drop chain=tcp-virus comment=Prosiak disabled=no log=yes dst-port=44444 protocol=tcp
  371. add action=drop chain=tcp-virus comment="Remote Boot Tool - RBT" disabled= no log=yes dst-port=41666 protocol=tcp
  372. add action=drop chain=tcp-virus comment=Storm disabled=no log=yes dst-port=41337 protocol=tcp
  373. add action=drop chain=tcp-virus comment=Mantis disabled=no log=yes dst-port=37237 protocol=tcp
  374. add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port= 34444 protocol=tcp
  375. add action=drop chain=tcp-virus comment="Son of PsychWard" disabled=no log=yes dst-port=33577 protocol=tcp
  376. add action=drop chain=tcp-virus comment="Son of PsychWard" disabled=no log=yes dst-port=33777 protocol=tcp
  377. add action=drop chain=tcp-virus comment="Peanut Brittle, Project Next" disabled=no log=yes dst-port=32100 protocol=tcp
  378. add action=drop chain=tcp-virus comment="Donald Dick" disabled=no log=yes dst-port=32001 protocol=tcp
  379. add action=drop chain=tcp-virus comment="Hack'a'Tack" disabled=no log=yes dst-port=31785 protocol=tcp
  380. add action=drop chain=tcp-virus comment=Intruse disabled=no log=yes dst-port=30947 protocol=tcp
  381. add action=drop chain=tcp-virus comment="Lamers Death" disabled=no log=yes dst-port=30003 protocol=tcp
  382. add action=drop chain=tcp-virus comment="Infector - ErrOr32" disabled=no log=yes dst-port=30000-30001 protocol=tcp
  383. add action=drop chain=tcp-virus comment=ovasOn disabled=no log=yes dst-port=29369 protocol=tcp
  384. add action=drop chain=tcp-virus comment=NetTrojan disabled=no log=yes dst-port=29104 protocol=tcp
  385. add action=drop chain=tcp-virus comment=Exploiter disabled=no log=yes dst-port=28678 protocol=tcp
  386. add action=drop chain=tcp-virus comment="Bad Blood - Ramen - Seeker - SubSev en - SubSeven 2.1 Gold - Subseven 2.14 DefCon8 - SubSeven Muie - Ttfloader" disabled=no log=yes dst-port=27374 protocol=tcp
  387. add action=drop chain=tcp-virus comment=Voicpy disabled=no log=yes dst-port=26681 protocol=tcp
  388. add action=drop chain=tcp-virus comment=Moonpie disabled=no log=yes dst-port=25982 protocol=tcp
  389. add action=drop chain=tcp-virus comment=Moonpie disabled=no log=yes dst-port=25685-25686 protocol=tcp
  390. add action=drop chain=tcp-virus comment=Infector disabled=no log=yes dst-port=24000 protocol=tcp
  391. add action=drop chain=tcp-virus comment=InetSpy disabled=no log=yes dst-port=23777 protocol=tcp
  392. add action=drop chain=tcp-virus comment="Evil FTP - Ugly FTP - Whack Job" disabled=no log=yes dst-port=23456 protocol=tcp
  393. add action=drop chain=tcp-virus comment=Asylum disabled=no log=yes dst-port=23432 protocol=tcp
  394. add action=drop chain=tcp-virus comment=Amanda disabled=no log=yes dst-port=23032 protocol=tcp
  395. add action=drop chain=tcp-virus comment=Logged disabled=no log=yes dst-port=23232 protocol=tcp
  396. add action=drop chain=tcp-virus comment="Girl friend - Kid Error" disabled=no log=yes dst-port=21544 protocol=tcp
  397. add action=drop chain=tcp-virus comment="VP killer" disabled=no log=yes dst-port=20023 protocol=tcp
  398. add action=drop chain=tcp-virus comment=Mosucker disabled=no log=yes dst-port=20005 protocol=tcp
  399. add action=drop chain=tcp-virus comment="ICQ Revenge" disabled=no log=yes dst-port=19864 protocol=tcp
  400. add action=drop chain=tcp-virus comment=Nephron disabled=no log=yes dst-port=17777 protocol=tcp
  401. add action=drop chain=tcp-virus comment=Audiodoor disabled=no log=yes dst-port=17593 protocol=tcp
  402. add action=drop chain=tcp-virus comment=Infector disabled=no log=yes dst-port=17569 protocol=tcp
  403. add action=drop chain=tcp-virus comment=CrazzyNet disabled=no log=yes dst-port=17499-17500 protocol=tcp
  404. add action=drop chain=tcp-virus comment=KidTerror disabled=no log=yes dst-port=17449 protocol=tcp
  405. add action=drop chain=tcp-virus comment=Mosaic disabled=no log=yes dst-port=17166 protocol=tcp
  406. add action=drop chain=tcp-virus comment=Priority disabled=no log=yes dst-port=16969 protocol=tcp
  407. add action=drop chain=tcp-virus comment="ICQ Revenge" disabled=no log=yes dst-port=16772 protocol=tcp
  408. add action=drop chain=tcp-virus comment=CDK disabled=no log=yes dst-port=15858 protocol=tcp
  409. add action=drop chain=tcp-virus comment=SubZero disabled=no log=yes dst-port=15382 protocol=tcp
  410. add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=15092 protocol=tcp
  411. add action=drop chain=tcp-virus comment=NetDemon disabled=no log=yes dst-port=15000 protocol=tcp
  412. add action=drop chain=tcp-virus comment="PC Invader" disabled=no log=yes dst-port=14500-14503 protocol=tcp
  413. add action=drop chain=tcp-virus comment=Chupacabra disabled=no log=yes dst-port=13473 protocol=tcp
  414. add action=drop chain=tcp-virus comment="Hack '99 KeyLogger" disabled=no log=yes dst-port=13223 protocol=tcp
  415. add action=drop chain=tcp-virus comment=PsychWard disabled=no log=yes dst-port=13013-13014 protocol=tcp
  416. add action=drop chain=tcp-virus comment="Hacker Brasil - HBR" disabled=no log=yes dst-port=13010 protocol=tcp
  417. add action=drop chain=tcp-virus comment=Buttman disabled=no log=yes dst-port=12624 protocol=tcp
  418. add action=drop chain=tcp-virus comment=BioNet disabled=no log=yes dst-port=12349 protocol=tcp
  419. add action=drop chain=tcp-virus comment="Host Control" disabled=no log=yes dst-port=10528 protocol=tcp
  420. add action=drop chain=tcp-virus comment=Syphilis disabled=no log=yes dst-port=10085-10086 protocol=tcp
  421. add action=drop chain=tcp-virus comment=DigitalRootbeer disabled=no log=yes dst-port=2600 protocol=tcp
  422. add action=drop chain=tcp-virus comment="Doly Trojan" disabled=no log=yes dst-port=2345 protocol=tcp
  423. add action=return chain=tcp-virus comment="Back to previous menu" disabled=no log=yes
  424. add action=drop chain=udp-virus comment="Socks D Troie, Death" disabled=no log=yes dst-port=1 protocol=udp
  425. add action=drop chain=udp-virus comment="Netbios - DoS attacks msinit" disabled=no log=yes dst-port=136-139 protocol=udp
  426. add action=drop chain=udp-virus comment=Infector disabled=no log=yes dst-port=146 protocol=udp
  427. add action=drop chain=udp-virus comment="N0kN0k Trojan" disabled=no log=yes dst-port=666 protocol=udp
  428. add action=drop chain=udp-virus comment="Maverick's Matrix 1.2-2.0 - remote storm" disabled=no log=yes dst-port=1025 protocol=udp
  429. add action=drop chain=udp-virus comment=no log=yesBackO disabled=no log=yes dst-port=1200-1201 protocol=udp
  430. add action=drop chain=udp-virus comment="BackOrifice DLL Comm" disabled=no log=yes dst-port=1349 protocol=udp
  431. add action=drop chain=udp-virus comment="FunkProxy " disabled=no log=yes dst-port=1505 protocol=udp
  432. add action=drop chain=udp-virus comment="ICA Browser" disabled=no log=yes dst-port=1604 protocol=udp
  433. add action=drop chain=udp-virus comment=BackDoor.Fearic disabled=no log=yes dst-port=2000 protocol=udp
  434. add action=drop chain=udp-virus comment="Mini Backlash" disabled=no log=yes dst-port=2130 protocol=udp
  435. add action=drop chain=udp-virus comment="Deep Throat" disabled=no log=yes dst-port=2140 protocol=udp
  436. add action=drop chain=udp-virus comment=BackDoor.Botex disabled=no log=yes dst-port=2222 protocol=udp
  437. add action=drop chain=udp-virus comment=voicpy disabled=no log=yes dst-port=2339 protocol=udp
  438. add action=drop chain=udp-virus comment=Rat disabled=no log=yes dst-port=2989 protocol=udp
  439. add action=drop chain=udp-virus comment="Deep Throat - Foreplay - Mini Backflash" disabled=no log=yes dst-port=3150 protocol=udp
  440. add action=drop chain=udp-virus comment=Backdoor.Fearic disabled=no log=yes dst-port=3456 protocol=udp
  441. add action=drop chain=udp-virus comment=Eclypse disabled=no log=yes dst-port=3801 protocol=udp
  442. add action=drop chain=udp-virus comment="WityWorm - BlackICE/ISS" disabled= no log=yes dst-port=4000 protocol=udp
  443. add action=drop chain=udp-virus comment="Remote Shell Trojan" disabled=no log=yes dst-port=5503 protocol=udp
  444. add action=drop chain=udp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5882 protocol=udp
  445. add action=drop chain=udp-virus comment="Y3K RAT" disabled=no log=yes dst-port=5888 protocol=udp
  446. add action=drop chain=udp-virus comment="Mstream Agent-handler" disabled=no log=yes dst-port=6838 protocol=udp
  447. add action=drop chain=udp-virus comment="Unkno log=yeswn Trojan" disabled=no log=yes dst-port=7028 protocol=udp
  448. add action=drop chain=udp-virus comment="Host Control" disabled=no log=yes dst-port=7424 protocol=udp
  449. add action=drop chain=udp-virus comment="MStream handler-agent" disabled=no log=yes dst-port=7983 protocol=udp
  450. add action=drop chain=udp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8787 protocol=udp
  451. add action=drop chain=udp-virus comment="BackOrifice 2000" disabled=no log=yes dst-port=8879 protocol=udp
  452. add action=drop chain=udp-virus comment="MStream Agent-handler" disabled=no log=yes dst-port=9325 protocol=udp
  453. add action=drop chain=udp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10067 protocol=udp
  454. add action=drop chain=udp-virus comment="Portal of Doom" disabled=no log=yes dst-port=10167 protocol=udp
  455. add action=drop chain=udp-virus comment="Mstream handler-agent" disabled=no log=yes dst-port=10498 protocol=udp
  456. add action=drop chain=udp-virus comment=Ambush disabled=no log=yes dst-port=10666 protocol=udp
  457. add action=drop chain=udp-virus comment="DUN Control" disabled=no log=yes dst-port=12623 protocol=udp
  458. add action=drop chain=udp-virus comment="Shaft handler to Agent" disabled=no log=yes dst-port=18753 protocol=udp
  459. add action=drop chain=udp-virus comment="Shaft handler to Agent" disabled=no log=yes dst-port=20433 protocol=udp
  460. add action=drop chain=udp-virus comment=GirlFriend disabled=no log=yes dst-port=21554 protocol=udp
  461. add action=drop chain=udp-virus comment="Donald Dick" disabled=no log=yes dst-port=23476 protocol=udp
  462. add action=drop chain=udp-virus comment="Delta Source" disabled=no log=yes dst-port=26274 protocol=udp
  463. add action=drop chain=udp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port=27374 protocol=udp
  464. add action=drop chain=udp-virus comment=Trin00/TFN2K disabled=no log=yes dst-port=27444 protocol=udp
  465. add action=drop chain=udp-virus comment="Sub-7 2.1" disabled=no log=yes dst-port=27573 protocol=udp
  466. add action=drop chain=udp-virus comment=NetSphere disabled=no log=yes dst-port=30103 protocol=udp
  467. add action=drop chain=udp-virus comment="More than 3 kno log=yeswn worms and trojans use this port" disabled=no log=yes dst-port=31335-31338 protocol=udp
  468. add action=drop chain=udp-virus comment="Hack`a'Tack" disabled=no log=yes dst-port=31787-31791 protocol=udp
  469. add action=drop chain=udp-virus comment="Trin00 for windows" disabled=no log=yes dst-port=34555 protocol=udp
  470. add action=drop chain=udp-virus comment="Trin00 for windows" disabled=no log=yes dst-port=35555 protocol=udp
  471. add action=drop chain=udp-virus comment="Delta Source" disabled=no log=yes dst-port=47262 protocol=udp
  472. add action=drop chain=udp-virus comment="OnLine keyLogger" disabled=no log=yes dst-port=49301 protocol=udp
  473. add action=drop chain=udp-virus comment="Back Orifice" disabled=no log=yes dst-port=54320-54321 protocol=udp
  474. add action=drop chain=udp-virus comment="NetRaider Trojan" disabled=no log=yes dst-port=57341 protocol=udp
  475. add action=drop chain=udp-virus comment="The Traitor - th3tr41t0r" disabled=no log=yes dst-port=65432 protocol=udp
  476. add action=return chain=udp-virus comment="Back to previous menu" disabled=no log=yes
  477. add action=return chain=virus comment="Back to previous rul" disabled=no log=yes
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!