Re: apache and nimbda (fwd)

From: Dharmendra.T (dharmu@nsecure.net)
Date: 01/30/02 

From: "Dharmendra.T" <dharmu@nsecure.net>
To: <security-discuss@linuxsecurity.com>
Date: Wed, 30 Jan 2002 09:52:49 +0530

Hello All
    I think string patch for the kernel is still under testing!
: (
Dharmu
----- Original Message -----
From: David Correa <tech@linux-tech.com>
To: <security-discuss@linuxsecurity.com>
Sent: Wednesday, January 30, 2002 5:57 AM
Subject: apache and nimbda (fwd)

> Hi,
>
> I found this email interesting so I
> forwarding it to the list.
>
> ---------- Forwarded message ----------
> Date: Tue, 29 Jan 2002 09:43:19 +0100
> From: Tommaso Di Donato <t.didonato@sicurweb.it>
> To: focus-linux@securityfocus.com
> Subject: Re: apache and nimbda
>
> Hi!
> You can use iptables on the same machine: if you patch it with the string
> patch, you can drop packet with "cmd.exe", "root.exe", "default.ida", and
> so on...
> Try something like this:
>
> #!/bin/sh
> #Put here your external interface
> EXT_INT=eth1
>
> iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
> "/cmd.exe" -j DROP
> iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
> "/root.exe" -j DROP
> iptables -A INPUT -m state --state REALTED,ESTABLISHED -j ACCEPT
> <and so on>
> ----------- End Forwarded message ----------
>
> Regards,
>
> David Correa
> Public Key http://www.linux-tech.com/linuxtech.gpg
> Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
>
>
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
>

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.