Re: iptables anti-nimda anyone?
From: R Dicaire (rdicaire@ardynet.com)
Date: 09/21/01
- Previous message: pierre.lombard@imag.fr: "Re: Clever Firewall Rules - Second Edition - Update"
- Maybe in reply to: Konrad Michels: "iptables anti-nimda anyone?"
- Next in thread: José Luis Domingo López: "Re: iptables anti-nimda anyone?"
- Next in thread: Manuel Guesdon: "Re: iptables anti-nimda anyone?"
- Reply: José Luis Domingo López: "Re: iptables anti-nimda anyone?"
- Reply: Eric Landuyt: "Re[2]: iptables anti-nimda anyone?"
- Reply: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
Message-Id: <200109211538.f8LFcY017932@rdb.linux-help.org>
Date: Fri, 21 Sep 2001 15:38:33 -0000
To: <focus-linux@securityfocus.com>
Subject: Re: iptables anti-nimda anyone?
From: "R Dicaire" <rdicaire@ardynet.com>
Forwarded From: Sven Michels <smichels@intradat.com>
> if you've patched the kernel with string match support: yes:
> $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .exe? -m state \
> --state ESTABLISHED -j REJECT --reject-with tcp-reset
> (same works with .ida for the old one)
Where can this patch be had if it's not included with the kernel, or iptables
src? I can see where having this string filter could be handy.
Also, could this filter rule be bypassed with some unicode representation of
said string?
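
An added illustration, not part of the original message and not iptables code: the Python sketch below models the byte-for-byte comparison that a payload string match performs and contrasts it with matching after the request target has been percent-decoded and lowercased, as a server-side or proxy check would do. The function names and the sample requests are constructed for this example.

```python
from urllib.parse import unquote_to_bytes

RULE_STRING = b".exe?"  # the literal given to --string in the quoted rule


def raw_match(payload: bytes, needle: bytes = RULE_STRING) -> bool:
    """Model of a packet-level string match: plain byte substring test."""
    return needle in payload


def normalize(target: bytes, max_rounds: int = 3) -> bytes:
    """Percent-decode until stable (covers double encoding), then lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def normalized_match(payload: bytes, needle: bytes = RULE_STRING) -> bool:
    """Match against the normalized request target instead of raw bytes."""
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    target = parts[1] if len(parts) >= 2 else request_line
    return needle in normalize(target)


# Constructed sample requests (hypothetical paths, not captured traffic).
SAMPLES = {
    "literal": b"GET /files/setup.exe?v=1 HTTP/1.0\r\n\r\n",
    "encoded_dot": b"GET /files/setup%2eexe?v=1 HTTP/1.0\r\n\r\n",
    "double_encoded": b"GET /files/setup%252eexe?v=1 HTTP/1.0\r\n\r\n",
    "upper_case": b"GET /FILES/SETUP.EXE?v=1 HTTP/1.0\r\n\r\n",
    "benign": b"GET /index.html HTTP/1.0\r\n\r\n",
}


def compare(samples=SAMPLES):
    """Return {name: (raw_match, normalized_match)} for each sample."""
    return {n: (raw_match(p), normalized_match(p)) for n, p in samples.items()}


if __name__ == "__main__":
    for name, (raw, norm) in compare().items():
        print(f"{name:15} raw={raw!s:5} normalized={norm}")
```

Only the literal form is caught by the raw comparison, which is why string rules at the packet layer are best treated as a noise filter alongside patching and application-layer filtering.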