Re: iptables anti-nimda anyone?
From: Bjørn Ruberg (bjorn@linpro.no)
Date: 09/21/01
To: Konrad Michels <konrad@overnetdata.com>
Subject: Re: iptables anti-nimda anyone?
From: bjorn@linpro.no (Bjørn Ruberg)
Date: 21 Sep 2001 08:45:59 +0200
Message-ID: <uizadzpyrbs.fsf@false.linpro.no>
Konrad Michels <konrad@overnetdata.com> writes:
> Hi everyone
> I don't suppose one of our iptables gurus out there has an iptables rule
> to filter out this damn nimda thing? I'm really annoyed about it
> filling up my apache logz and would love to drop the packets 'ere they
> get to the apache server . . .
You may be able to deny it with the string matching patch from the patch-o-matic
section in iptables 1.2.3:
string.patch
The string patch:
Author: Emmanuel Roger <winfield@freegates.be>
Status: Working
This patch adds CONFIG_IP_NF_MATCH_STRING which allows you to
match a string in a whole packet.
THIS PATCH REQUIRES AT LEAST KERNEL 2.4.9 !!!
Be aware that the patch-o-matic is not always considered to be stable and bug-free.
Read the iptables INSTALL file for information on how to apply the patches.
Oh, and the string match? I guess "c+dir" will take care of most of it. Read the
security focus analysis available at
<URL:http://aris.securityfocus.com/alerts/nimda/010919-Analysis-Nimda.pdf>
Hope this helps,
Bjørn
--
Bjørn Ruberg, Linpro AS bjorn@linpro.no
The more you scream, the less you hear. (Fish)
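
Added example, not part of the original message: before loading a string-match rule for "c+dir", the same case-sensitive substring test can be dry-run over an Apache access log to see how much of the noise it covers and whether it would also hit requests the server answered successfully. The function name, log regex and sample lines are assumptions constructed for illustration; the log holds only the request line, whereas the kernel match inspects the whole packet.

```python
import re
from collections import Counter

# Apache common/combined log format:
#   host ident user [time] "request line" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')


def preview_string_match(lines, needle="c+dir"):
    """Dry-run a case-sensitive substring match over logged request lines.

    Returns totals, hits per source address, and the matched requests that
    were served with a 2xx status (traffic the rule would start dropping).
    """
    per_source = Counter()
    served_ok = []
    total = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common-log-format line; ignore it
        total += 1
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        if needle in request:  # raw, undecoded request line, like the packet
            per_source[host] += 1
            if 200 <= status < 300:
                served_ok.append(request)
    return {
        "total": total,
        "matched": sum(per_source.values()),
        "per_source": per_source,
        "served_ok": served_ok,
    }


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2001:08:01:02 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [21/Sep/2001:08:01:02 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [21/Sep/2001:08:01:03 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '198.51.100.7 - - [21/Sep/2001:08:02:10 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '203.0.113.5 - - [21/Sep/2001:08:03:00 +0200] "GET /index.html HTTP/1.0" 200 1843',
    '203.0.113.5 - - [21/Sep/2001:08:03:09 +0200] "GET /search?q=c+dir+command HTTP/1.0" 200 912',
]

if __name__ == "__main__":
    report = preview_string_match(SAMPLE_LOG)
    print("matched %d of %d requests" % (report["matched"], report["total"]))
    for host, hits in report["per_source"].most_common():
        print("  %-15s %d" % (host, hits))
    for request in report["served_ok"]:
        print("  review before dropping:", request)
```

Any request listed under "review before dropping" is one the server currently answers and the packet filter would silently cut off.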