Re: iptables anti-nimda anyone?

From: R Dicaire (rdicaire@ardynet.com)
Date: 09/21/01


Message-Id: <200109211538.f8LFcY017932@rdb.linux-help.org>
Date: Fri, 21 Sep 2001 15:38:33 -0000
To: <focus-linux@securityfocus.com>
Subject: Re: iptables anti-nimda anyone?
From: "R Dicaire" <rdicaire@ardynet.com>

Forwarded From: Sven Michels <smichels@intradat.com>

> if you've patched the kernel with string match support: yes:
> $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .exe? -m state \
> --state ESTABLISHED -j REJECT --reject-with tcp-reset
> (same works with .ida for the old one)

Where can this patch be had if it's not included with the kernel, or iptables
src? I can see where having this string filter could be handy.

Also, could this filter rule be bypassed with some unicode representation of
said string?
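As an added illustration of the bypass question above (not code from either poster), the script below mimics what the kernel string-match module does, a plain substring search on raw packet bytes, and contrasts it with matching after the request path has been percent-decoded. The request lines are constructed samples, and the `%uXXXX` decoding is an assumption about the non-standard encoding some servers accept, not something the list post describes.

```python
"""Added example: why a raw-byte match on ".exe?" is fragile.

raw_byte_match() approximates `-m string --string .exe?` (substring search on
the packet payload). normalized_match() decodes the request-target first, which
is what a detector needs to do if the same string may arrive encoded.
Note that the kernel rule also sees only one packet at a time, so a string
split across two TCP segments is missed; that case is not modelled here.
"""
import re

PATTERN = b".exe?"  # the string the quoted rule matches on


def raw_byte_match(payload: bytes, pattern: bytes = PATTERN) -> bool:
    """Plain substring search, as the quoted iptables rule performs."""
    return pattern in payload


def decode_request_path(payload: bytes) -> bytes:
    """Take the request-target from the HTTP request line and decode
    %XX percent-encoding plus the assumed %uXXXX form (low byte only)."""
    first_line = payload.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ")
    target = parts[1] if len(parts) >= 2 else first_line
    # %uXXXX first, so its hex digits are not consumed by the %XX pass
    target = re.sub(rb"%u([0-9A-Fa-f]{4})",
                    lambda m: bytes([int(m.group(1), 16) & 0xFF]), target)
    target = re.sub(rb"%([0-9A-Fa-f]{2})",
                    lambda m: bytes([int(m.group(1), 16)]), target)
    return target


def normalized_match(payload: bytes, pattern: bytes = PATTERN) -> bool:
    """Match against the decoded path rather than the raw bytes."""
    return pattern in decode_request_path(payload)


# Constructed sample requests for illustration only
SAMPLES = {
    "plain": b"GET /cgi-bin/tool.exe?a=1 HTTP/1.0\r\nHost: x\r\n\r\n",
    "percent": b"GET /cgi-bin/tool%2Eexe?a=1 HTTP/1.0\r\nHost: x\r\n\r\n",
    "u_encoded": b"GET /cgi-bin/tool%u002Eexe?a=1 HTTP/1.0\r\nHost: x\r\n\r\n",
    "benign": b"GET /index.html HTTP/1.0\r\nHost: x\r\n\r\n",
}


def compare() -> dict:
    """Return {name: (raw_match, normalized_match)} for every sample."""
    return {n: (raw_byte_match(p), normalized_match(p)) for n, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:10s} raw={result[0]!s:5s} decoded={result[1]}")
```

Only the plain sample trips the raw-byte match; the decoded check catches the encoded forms too, and neither flags the benign request.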