Windows Vista Forums

Re: >>> FYI: Block this IP 188.72.246.99 <<<
  1. #1


    Ace Fekay [MVP-DS, MCT] Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
    message news:%23ACQb33sKHA.5036@newsgroup

    >I just tested again, this time with WFBS 6.0 SP2 installed and the
    >WatchGuard bypassed. While it did get to the site, Trend was able to block
    >the downloaded file.
    >
    > Gregg
    >

    Hi Gregg,

    I'm not sure how to do it in the WG, but with the Cisco Pix and ASA series,
    it would be commands such as the following:

    name 188.72.246.99 FakeVirusAlertSourceIP
    access-list aclout_in deny tcp host 188.72.246.99 any

    Ace






  2. #2


    Leythos Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    In article <#x2S669sKHA.4568@newsgroup>,
    MelRemoveSpam@newsgroup says...

    >
    > With the WatchGuard, create a common http policy with a packet filter, on
    > the outgoing tab, change filter to deny, and add the IP address to To:
    > block, From is any.

    WatchGuard has an IP block list you can add the entire subnet to, I have
    a large list of IP ranges in the default block list.

    Additionally, if you're letting COM/EXE/REG/DLL, etc... files inbound
    via HTTP then you're not using the firewall properly - Block all files
    capable of malicious activity for HTTP - then enter exclusions for
    *.microsoft.com, *.adobe.com, etc... as needed for the general HTTP PROXY
    rule - don't use a packet filter rule to block a single IP, use the
    BLOCK IP list function.




    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@newsgroup (remove 999 for proper email address)


  3. #3


    Gregg Hill Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    Ace,

    I intentionally bypassed the WatchGuard in order to test if Trend Micro WFBS
    would stop it. For once, it did.

    Gregg Hill

    --
    Gregg's pet peeves:

    First of all, what does a peeve look like, and why would anyone want one as
    a pet?

    Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
    more often than not.

    Its = Belonging to it. For example, "Look at the sky. Its color is blue."
    It's = It is. For example, "It's hot today."
    It's = It has. For example, "It's been nice talking to you."
    Its' = completely incorrect usage. Stop it!


    Peeve #2: Your vs. You're
    "Your" means belonging to you, as in, "It's your truck."
    "You're" means "You are." Example, you're probably about ready to throttle
    me for this peeve!

    "Ace Fekay [MVP-DS, MCT]" <aceman@newsgroup> wrote in message
    news:uSrANd8sKHA.4428@newsgroup

    > "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote
    > in message news:%23ACQb33sKHA.5036@newsgroup

    >>I just tested again, this time with WFBS 6.0 SP2 installed and the
    >>WatchGuard bypassed. While it did get to the site, Trend was able to block
    >>the downloaded file.
    >>
    >> Gregg
    >>
    >
    >
    > Hi Gregg,
    >
    > I'm not sure how to do it in the WG, but with the Cisco Pix and ASA
    > series, it would be commands such as the following:
    >
    > name 188.72.246.99 FakeVirusAlertSourceIP
    > access-list aclout_in deny tcp host 188.72.246.99 any
    >
    > Ace
    >


  4. #4


    Gregg Hill Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    One can also use the SROP list at Spamhaus: http://www.spamhaus.org/drop

    Gregg Hill


    "Leythos" <spam999free@newsgroup> wrote in message
    news:MPG.25ecbc629187a27198a14a@newsgroup

    > In article <#x2S669sKHA.4568@newsgroup>,
    > MelRemoveSpam@newsgroup says...

    >>
    >> With the WatchGuard, create a common http policy with a packet filter,
    >> on
    >> the outgoing tab, change filter to deny, and add the IP address to To:
    >> block, From is any.
    >
    > WatchGuard has an IP block list you can add the entire subnet to, I have
    > a large list of IP ranges in the default block list.
    >
    > Additionally, if you're letting COM/EXE/REG/DLL, etc... files inbound
    > via HTTP then you're not using the firewall properly - Block all files
    > capable of malicious activity for HTTP - then enter exclusions for
    > *.microsoft.com, *.adobe.com, etc... as needed for the general HTTP PROXY
    > rule - don't use a packet filter rule to block a single IP, use the
    > BLOCK IP list function.
    >
    >
    >
    >
    > --
    > You can't trust your best friends, your five senses, only the little
    > voice inside you that most civilians don't even hear -- Listen to that.
    > Trust yourself.
    > spam999free@newsgroup (remove 999 for proper email address)


  5. #5


    Gregg Hill Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    "DROP" list. Sheesh...if only I could type!


    "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
    message news:uU$r3rDtKHA.5940@newsgroup

    > One can also use the SROP list at Spamhaus: http://www.spamhaus.org/drop
    >
    > Gregg Hill
    >
    > "Leythos" <spam999free@newsgroup> wrote in message
    > news:MPG.25ecbc629187a27198a14a@newsgroup

    >> In article <#x2S669sKHA.4568@newsgroup>,
    >> MelRemoveSpam@newsgroup says...

    >>>
    >>> With the WatchGuard, create a common http policy with a packet filter,
    >>> on
    >>> the outgoing tab, change filter to deny, and add the IP address to To:
    >>> block, From is any.
    >>
    >> WatchGuard has an IP block list you can add the entire subnet to, I have
    >> a large list of IP ranges in the default block list.
    >>
    >> Additionally, if you're letting COM/EXE/REG/DLL, etc... files inbound
    >> via HTTP then you're not using the firewall properly - Block all files
    >> capable of malicious activity for HTTP - then enter exclusions for
    >> *.microsoft.com, *.adobe.com, etc... as needed for the general HTTP PROXY
    >> rule - don't use a packet filter rule to block a single IP, use the
    >> BLOCK IP list function.
    >>
    >>
    >>
    >>
    >> --
    >> You can't trust your best friends, your five senses, only the little
    >> voice inside you that most civilians don't even hear -- Listen to that.
    >> Trust yourself.
    >> spam999free@newsgroup (remove 999 for proper email address)
    >


  6. #6


    Ace Fekay [MVP-DS, MCT] Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
    message news:uZ8t6yCtKHA.3360@newsgroup

    > Ace,
    >
    > I intentionally bypassed the WatchGuard in order to test if Trend Micro
    > WFBS would stop it. For once, it did.
    >
    > Gregg Hill
    >

    Ok, cool. Good to know that it did. :-)

    Ace




  7. #7


    Ace Fekay [MVP-DS, MCT] Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
    message news:eH%23hXvDtKHA.3904@newsgroup

    > "DROP" list. Sheesh...if only I could type!
    >
    > --

    I was wondering what that meant! LOL!

    As for the list, there is quite a bit to enter manually into a PIX. Maybe
    create a 'deny' group, and put them in, but I still have to get them in
    somehow and not spend two hours typing them in. :-)

    Thanks for the link, Gregg!

    Ace




  8. #8


    Gregg Hill Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    For a WatchGuard, all one has to do is get the file into text that has only
    the IP addresses. I just open it in Excel and choose a semi-colon as the
    delimiter, which makes it into two columns. I delete the second column, save
    it, then use it to import into the WG in one big chunk.

    If you look at the list, you will see that the IP that Russ posted isn't
    there, but it can be added manually.

    Gregg


    "Ace Fekay [MVP-DS, MCT]" <aceman@newsgroup> wrote in message
    news:O99Z5eFtKHA.712@newsgroup

    > "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote
    > in message news:eH%23hXvDtKHA.3904@newsgroup

    >> "DROP" list. Sheesh...if only I could type!
    >>
    >> --
    >
    >
    > I was wondering what that meant! LOL!
    >
    > As for the list, there is quite a bit to enter manually into a PIX. Maybe
    > create a 'deny' group, and put them in, but I still have to get them in
    > somehow and not spend two hours typing them in. :-)
    >
    > Thanks for the link, Gregg!
    >
    > Ace
    >


  9. #9


    Ace Fekay [MVP-DS, MCT] Guest

    Re: >>> FYI: Block this IP 188.72.246.99 <<<

    "Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
    message news:%23oTOSxKtKHA.3536@newsgroup

    > For a WatchGuard, all one has to do is get the file into text that has
    > only the IP addresses. I just open it in Excel and choose a semi-colon as
    > the delimiter, which makes it into two columns. I delete the second
    > column, save it, then use it to import into the WG in one big chunk.
    >
    > If you look at the list, you will see that the IP that Russ posted isn't
    > there, but it can be added manually.
    >
    > Gregg
    >

    I was checking into my Pix and how to do it. I can create a 'service group'
    and simply copy/paste a comma delimited file, as you stated. Thanks for the
    ideas!

    Ace
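
The list clean-up described in post #8 and the bulk entry discussed in posts #7 and #9, as an added example that is not part of the original thread: it keeps only the first semicolon-delimited column, validates each entry, and produces both a plain list and a PIX/ASA `object-group network`. The sample entries are constructed, and the group name `DROP_LIST` is a hypothetical choice.

```python
import ipaddress

# Constructed sample in the "network ; reference" layout the posts describe,
# with ';' comment lines. Documentation ranges only, not real list content.
SAMPLE_DROP = """\
; constructed sample
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.7/24 ; SBL000003
not-a-network ; SBL000004
192.0.2.0/24 ; SBL000005
0.0.0.0/0 ; SBL000006
"""

def parse_drop(text, extra=()):
    """Return (networks, rejected); networks are unique, in input order."""
    networks, rejected, seen = [], [], set()
    # Keep only the first column, then append any manual additions.
    fields = [line.split(";", 1)[0].strip() for line in text.splitlines()]
    for field in fields + list(extra):
        if not field:  # blank line or ';' comment line
            continue
        try:
            net = ipaddress.IPv4Network(field, strict=True)  # host bits -> error
        except ValueError:
            net = None
        if net is None or net.prefixlen == 0:  # malformed, or blocks everything
            rejected.append(field)
        elif net not in seen:
            seen.add(net)
            networks.append(net)
    return networks, rejected

def to_plain_list(networks):
    """One network per line, for a bulk import of blocked addresses."""
    return "\n".join(str(n) for n in networks)

def to_pix_config(networks, group="DROP_LIST", acl="aclout_in"):
    """Object-group plus one ACL entry in the form of the command in post #1."""
    lines = [f"object-group network {group}"]
    for n in networks:
        if n.prefixlen == 32:
            lines.append(f" network-object host {n.network_address}")
        else:
            lines.append(f" network-object {n.network_address} {n.netmask}")
    lines.append(f"access-list {acl} deny tcp object-group {group} any")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_pix_config(parse_drop(SAMPLE_DROP, extra=["188.72.246.99"])[0]))
```

Entries that fail validation are returned in the second value rather than silently dropped, so a changed or truncated download shows up before anything is imported.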



