apache and nimbda (fwd)
From: David Correa (tech@linux-tech.com)Date: 01/30/02
- Previous message: D: "re: traffic analysys (Was Bootp request)"
- Next in thread: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Reply: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jan 2002 16:27:22 -0800 (PST) From: David Correa <tech@linux-tech.com> To: security-discuss@linuxsecurity.com
Hi,
I found this email interesting so I
forwarding it to the list.
---------- Forwarded message ----------
Date: Tue, 29 Jan 2002 09:43:19 +0100
From: Tommaso Di Donato <t.didonato@sicurweb.it>
To: focus-linux@securityfocus.com
Subject: Re: apache and nimbda
Hi!
You can use iptables on the same machine: if you patch it with the string
patch, you can drop packet with "cmd.exe", "root.exe", "default.ida", and
so on...
Try something like this:
#!/bin/sh
#Put here your external interface
EXT_INT=eth1
iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
"/cmd.exe" -j DROP
iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
"/root.exe" -j DROP
iptables -A INPUT -m state --state REALTED,ESTABLISHED -j ACCEPT
<and so on>
----------- End Forwarded message ----------
Regards,
David Correa
Public Key http://www.linux-tech.com/linuxtech.gpg
Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
- Previous message: D: "re: traffic analysys (Was Bootp request)"
- Next in thread: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Reply: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
