iptables
From: Brian Kejser (bkejser@KAISERDIGITAL.com) Date: 08/30/01
Message-ID: <67EA3300B8C86F45957019092253E91D04C31F@morpheus.kaiserdigital.com>
From: Brian Kejser <bkejser@KAISERDIGITAL.com>
To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
Subject: iptables
Date: Thu, 30 Aug 2001 05:40:04 -0700
Hi,
I've been working with iptables for some time now and I would like to
further harden my firewall rules relating to HTTP.
I've noticed that most malicious attacks (i.e. Code Red) do random port
scans and as such the HTTP header will not contain the host name. I also
know that iptables can process requests using external libraries (although
I've never developed any of these). So I'm assuming it's possible to develop
a library that would be called by iptables whenever an HTTP request comes in
and examine the contents of the HTTP header. If the IP address was used
instead of the host name, the packet would be dropped and the host would be
blocked. Is this possible? Does the code exist anywhere to do this? Would
there be any problems doing this (besides the fact that it would not work
with SSL)?
Could this approach also be used for other Internet services (i.e. FTP,
SMTP, etc.)?
Also, is it possible to block a host for a short period of time? For
example, if a machine is scanning port 23 of the firewall, could the
firewall block that IP address for 15 minutes after 2 attempts?
Brian Kejser
www.kaiserdigital.com
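The two controls asked about above, written as iptables rules with the standard `recent` and `string` matches. This is an added example, not code from the original post or the focus-linux list; it assumes the interface is eth0, that the firewall's public address is 203.0.113.10 (a documentation address standing in for the real one), and the policy "2 attempts, then 15 minutes".

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: interface eth0,
# public address 203.0.113.10 (placeholder), policy "2 attempts, 15 minutes".
IFACE="${IFACE:-eth0}"
FW_IP="${FW_IP:-203.0.113.10}"

# Temporary block: once a source has made 2 connection attempts (SYNs) to
# port 23 within the last 900 s (15 min), further attempts from it are
# dropped. The --update rule is checked before --set, so the current attempt
# is counted only after the check. Dropped packets also refresh the timer,
# so a host that keeps probing stays blocked; use --rcheck instead of
# --update for a fixed 15-minute window.
telnet_scan_rules() {
    cat <<EOF
iptables -A INPUT -i $IFACE -p tcp --syn --dport 23 -m recent --name SCAN23 --update --seconds 900 --hitcount 2 -j DROP
iptables -A INPUT -i $IFACE -p tcp --syn --dport 23 -m recent --name SCAN23 --set
EOF
}

# Host-header check: drop HTTP requests whose Host header carries the bare
# IP address rather than a host name. Matching the literal IP positively is
# safer than "! --string Host:", because the string match works per packet
# and ACKs or continuation segments carry no header at all. It cannot see
# inside TLS on port 443, as the post already notes.
http_ip_host_rules() {
    cat <<EOF
iptables -A INPUT -i $IFACE -p tcp --dport 80 -m string --algo bm --icase --string "Host: $FW_IP" -j DROP
EOF
}

# Emit every rule; review the output, then pipe it into "sh" as root to apply.
all_rules() {
    telnet_scan_rules
    http_ip_host_rules
}

all_rules
```

The script only prints the rules so they can be reviewed before being applied; the order of the two port-23 rules matters, since swapping them makes the block start on the second attempt instead of the third.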