Re: apache and nimbda (fwd)
From: shiftee (shiftee@manifestation.org)Date: 01/30/02
- Previous message: Patrick \: "Re: Compiling the Kernel Without Losing my Old Configuration..."
- In reply to: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jan 2002 14:16:53 -0800 From: shiftee <shiftee@manifestation.org> To: security-discuss@linuxsecurity.com
Hello,
Yes, the strings module for netfilter is still in testing, however, I have
been running the solution outlined below for some months now and have had no
problems with it.
The repository for the patch-o-matic patches for netfilter are available via
CVS from the following server:
:pserver:cvs@pserver.samba.org:/cvsroot
(There is no password).
The repository to checkout is 'netfilter', detailed installation instructions
are included in userspace/INSTALL.
On Wed, Jan 30, 2002 at 09:52:49AM +0530, Dharmendra.T wrote:
> Hello All
> I think string patch for the kernel is still under testing!
> : (
> Dharmu
> ----- Original Message -----
> From: David Correa <tech@linux-tech.com>
> To: <security-discuss@linuxsecurity.com>
> Sent: Wednesday, January 30, 2002 5:57 AM
> Subject: apache and nimbda (fwd)
>
>
> > Hi,
> >
> > I found this email interesting so I
> > forwarding it to the list.
> >
> > ---------- Forwarded message ----------
> > Date: Tue, 29 Jan 2002 09:43:19 +0100
> > From: Tommaso Di Donato <t.didonato@sicurweb.it>
> > To: focus-linux@securityfocus.com
> > Subject: Re: apache and nimbda
> >
> > Hi!
> > You can use iptables on the same machine: if you patch it with the string
> > patch, you can drop packet with "cmd.exe", "root.exe", "default.ida", and
> > so on...
> > Try something like this:
> >
> > #!/bin/sh
> > #Put here your external interface
> > EXT_INT=eth1
> >
> > iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
> > "/cmd.exe" -j DROP
> > iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string
> > "/root.exe" -j DROP
> > iptables -A INPUT -m state --state REALTED,ESTABLISHED -j ACCEPT
> > <and so on>
> > ----------- End Forwarded message ----------
> >
> > Regards,
> >
> > David Correa
> > Public Key http://www.linux-tech.com/linuxtech.gpg
> > Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
> >
> >
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
> >
> >
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
-- shiftee <shiftee@manifestation.org> ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
- Previous message: Patrick \: "Re: Compiling the Kernel Without Losing my Old Configuration..."
- In reply to: Dharmendra.T: "Re: apache and nimbda (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
