Re: Question on IPTables

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 06/18/02


Date: Tue, 18 Jun 2002 12:05:33 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: security-discuss@linuxsecurity.com


As far as checking is concerned, you could try many cgi scanners like whisker for example and many more. Then see if the packet actually hit your apache in apache's logs.

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

--- Pyuesh Daya <pyueshd@na.co.za> wrote:
>
>Hi Guys
>
>Has anybody tried to --string command to match a header string and deny the packet. For example :
>
>$IPTABLES -t filter -I FORWARD -i eth0 -p tcp --dport 80 -m string --string="cmd.exe" -j LOG --log-level $LOGLEVEL --log-prefix "String Header Match"
>
>How would I actually check if this works.
>--
>Regards
>Pyuesh Daya
>Tel : (011) 719 0384
>Fax : (011) 719 0444
>------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.