
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# These rules were developed based on <http://xforce.iss.net/alerts/
# advise30.php>.
#
# phAse Zero has all of the standard backdoor features, including the 
# ability to upload and download files to the computer using FTP, 
# execute programs, delete and move files, and read and write to the 
# registry. There is also a 'Trash Server' function that will delete 
# all files from your Windows system directory. phAse Zero runs on 
# Windows 95, 98, and Windows NT.
#
# To install, copy this file to /etc/firewall/modules/public/
# block-remote-ports/phasezero. There's no need to execute rc.firewall 
# with the --update-config parameter.
# 
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-02-05  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Updated documentation to reflect path changes in v5.1
# 2000-10-17  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

echo "Reject $INTOPT $IPADDR -> $ANY phAse Zero (logged)"
ipchains -A $OUTCHAIN -j REJECT -p tcp -y -s $IPADDR $UNPRIVPORTS -d $ANY 555 -l

