Quote:
Originally Posted by mrp1938
Is there any way (on a Linux system) to specifically inspect/deny IGMP packets?
I'm not sure that there is directly; you could, in iptables, filter everything that you do want and drop the rest*; given the lack of matches for the IGMP protocol in iptables, I can't see how you can directly specify 'anything IGMP'. This isn't exactly elegant or efficient, but that shouldn't matter for most people, most of the time. Certainly, not compared to being protected.
BTW, there have been vulns in the kernel relating to IGMP, and, subsequently, fixes. In your situation, I'd really, really want to be running a fixed kernel, even if this particular vuln does relate to the computer being 'crashable' by IGMP, and not being recruited to a botnet, which is presumably your immediate concern.
* 'Drop the rest' would probably be better written as 'send to a log rule, with a max logging rate that excludes the possibility of the box being overwhelmed by the logging, and then drop the packet'.
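The approach described in the post above (accept what you want, then rate-limited log, then drop), sketched as an added example that is not part of the original post. The accepted services (SSH, ping), the log rate and the log prefix are assumptions to adapt to the host; nothing here accepts IGMP, so it falls through with all other unmatched traffic.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset implementing
# "accept the wanted traffic, rate-limited LOG, then DROP".
# Accepted services, rate, burst and prefix are assumed values.

emit_rules() {
    log_rate="${1:-5/minute}"   # average ceiling on log entries
    log_burst="${2:-10}"        # entries allowed before the ceiling applies
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit ${log_rate} --limit-burst ${log_burst} -j LOG --log-prefix "INPUT-DROP: " --log-level 4
-A LOGDROP -j DROP
COMMIT
EOF
}

# Print the ruleset. To syntax-check it without loading it (needs root):
#   sh this-script.sh | iptables-restore --test
emit_rules "$@"
```

Packets beyond the limit skip the LOG rule but still reach the final DROP, so a flood cannot fill the logs.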