
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were developed based on <http://xforce.iss.net/alerts/
# advise30.php>.
#
# Hack'a'Tack is a backdoor that allows attackers to move and kill 
# windows on your desktop, open an FTP server on your machine, log 
# keystrokes, save passwords you type, shut down the machine, and 
# upload, download, and execute files. Hack'a'Tack only runs on Windows
# 95 and 98.
#
# To install, copy this file to /etc/firewall/modules/public/
# block-remote-ports/hack-a-tack. There's no need to execute rc.firewall 
# with the --update-config parameter.
# 
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-02-05  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Updated documentation to reflect path changes in v5.1
# 2000-10-17  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

echo "Reject $INTOPT $IPADDR -> $ANY Hack'a'Tack (logged)"
ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR $UNPRIVPORTS -d $ANY 31785 -l

