Re: iptables anti-nimda anyone?
From: Tim Haynes (secfoc@stirfried.vegetable.org.uk)Date: 09/21/01
- Previous message: Bjørn Ruberg: "Re: iptables anti-nimda anyone?"
- In reply to: Sven Michels: "Re: iptables anti-nimda anyone?"
- Next in thread: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- Next in thread: Evan Borgstrom: "Re: iptables anti-nimda anyone?"
- Reply: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Sven Michels <smichels@intradat.com>
Subject: Re: iptables anti-nimda anyone?
From: Tim Haynes <secfoc@stirfried.vegetable.org.uk>
Date: 21 Sep 2001 16:33:14 +0100
Message-ID: <86elp05zk5.fsf@potato.vegetable.org.uk>
Sven Michels <smichels@intradat.com> writes:
> if you've patched the kernel with string match support: yes:
>
>   $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .exe? -m state \
>     --state ESTABLISHED -j REJECT --reject-with tcp-reset
>
> (same works with .ida for the old one)
One word of caution here. This only sends a reject/RST to the packet
containing the .exe, *not* to the connection; you've already had the
SYN/handshaking stuff before that, so you'll be left with a connection
dangling open. You'd better have tuned your sysctls to reap dead
connections pretty quickly, if you're going to do this.
~Tim
--
Tim Haynes <http://spodzone.org.uk/>
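The rule quoted above, together with the keepalive check Tim's caution calls for, as an added example that is not part of the original thread. It assumes a Linux host with iptables and the xt_string match; the `--algo bm` flag is an assumption about current kernels (the 2001 string-match patch had no such flag), and `KEEPALIVE_MAX` is a threshold chosen here, not one the thread states. Nothing is applied to the firewall unless `DRY_RUN=0` is set explicitly.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes Linux, iptables and the
# xt_string match; --algo bm is an assumption about modern kernels.
# With DRY_RUN=1 (the default) rules are only printed, never applied.

DRY_RUN="${DRY_RUN:-1}"
IPTABLES="${IPTABLES:-iptables}"
KEEPALIVE_MAX="${KEEPALIVE_MAX:-600}"   # seconds; threshold chosen for this example

# Print the REJECT/RST rule from the thread for one request substring.
nimda_reject_rule() {
    pattern="$1"
    printf '%s -I INPUT -p tcp --dport 80 -m state --state ESTABLISHED' "$IPTABLES"
    printf ' -m string --algo bm --string "%s"' "$pattern"
    printf ' -j REJECT --reject-with tcp-reset\n'
}

# Apply (or, in dry-run mode, just show) rules for the patterns named in the thread.
apply_rules() {
    for p in '.exe?' '.ida'; do
        rule=$(nimda_reject_rule "$p")
        if [ "$DRY_RUN" = 0 ]; then
            sh -c "$rule"
        else
            echo "DRY_RUN: $rule"
        fi
    done
}

# The RST answers only the matched packet; the local socket never sees it and
# stays ESTABLISHED, so reaping depends on timeouts, not on the reject.
# Succeed when tcp_keepalive_time (seconds) is short enough to reap quickly.
keepalive_ok() {
    val="$1"
    max="${2:-$KEEPALIVE_MAX}"
    case "$val" in ''|*[!0-9]*) return 1 ;; esac
    [ "$val" -gt 0 ] && [ "$val" -le "$max" ]
}

# Worst-case idle time before the kernel abandons a dead peer on a socket
# with SO_KEEPALIVE: keepalive_time + keepalive_intvl * keepalive_probes.
keepalive_reap_seconds() {
    echo $(( $1 + $2 * $3 ))
}

# Inspect the live sysctls when /proc is available and report.
check_sysctls() {
    dir=/proc/sys/net/ipv4
    if [ -r "$dir/tcp_keepalive_time" ]; then
        t=$(cat "$dir/tcp_keepalive_time")
        i=$(cat "$dir/tcp_keepalive_intvl")
        n=$(cat "$dir/tcp_keepalive_probes")
        echo "tcp_keepalive_time=$t intvl=$i probes=$n -> reap after $(keepalive_reap_seconds "$t" "$i" "$n")s"
        if keepalive_ok "$t"; then
            echo "keepalive_time is within ${KEEPALIVE_MAX}s"
        else
            echo "keepalive_time too long; e.g.: sysctl -w net.ipv4.tcp_keepalive_time=300"
        fi
    else
        echo "no /proc/sys/net/ipv4 here; skipping live check"
    fi
}

apply_rules
check_sysctls
```

Keepalive only reaps sockets that have SO_KEEPALIVE set; for a web server that does not set it, the daemon's own request timeout (and the conntrack ESTABLISHED timeout on the firewall) is what eventually frees the half-open connection, so check those as well.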