Re: iptables anti-nimda anyone?

From: James F Wilkus (tflat@astrocreep.net)
Date: 09/21/01


Date: Fri, 21 Sep 2001 11:10:39 -0400
From: James F Wilkus <tflat@astrocreep.net>
To: focus-linux@securityfocus.com
Subject: Re: iptables anti-nimda anyone?
Message-ID: <20010921111039.A15492@trinity.astrocreep.net>


On Fri, Sep 21, 2001 at 08:13:54AM +0200, Bretscher;Johannes;ja wrote:
>
>
> On Wed, 19 Sep 2001, Konrad Michels wrote:
>
> > Hi everyone
> > I don't suppose one of our iptables gurus out there has an iptables rule
> > to filter out this damn nimda thing? I'm really annoyed about it
> > filling up my apache logz and would love to drop the packets 'ere they
> > get to the apache server . . .
>
> The only thing would be to close port 80. You can not detect packet
> content on TCP level.
>
  Something worth looking into would be hogwash; it is a packet scrubber based on snort.

  "Hogwash is designed to take out 95% of the stock attacks
all the kiddies throw at your network. Hogwash lives inline
like a firewall, but it works differently. Instead of
closing ports like a traditional firewall, it drops or modifies
specific packets based on a signature match."

  http://hogwash.sourceforge.net/

-- 
James F. Wilkus
<t f l a t @ a s t r o c r e e p . n e t>
*nix SysAdmin, 'rewt shells are sweet.'
http://astrocreep.net || irc.openprojects.net #tflat
&geek if $tflat; 
PGP FingerPrint: E087 9CB8 5516 311D FD8C  14C8 9765 76B4 7A25 1E76
PGP Key: 7A251E76



