Re[2]: iptables anti-nimda anyone?

From: Eric Landuyt (eric@datarescue.com)
Date: 09/24/01


Date: Mon, 24 Sep 2001 09:37:04 +0200
From: Eric Landuyt <eric@datarescue.com>
Message-ID: <172349288.20010924093704@datarescue.com>
To: "R Dicaire" <rdicaire@ardynet.com>
Subject: Re[2]: iptables anti-nimda anyone?

RD> Also, could this filter rule be bypassed with some unicode representation of
RD> said string?

Sure it could. In the same way, all classical insertion/evasion
techniques that work against NIDS could be used to bypass such pattern
matching. Have a look at http://secinf.net/info/ids/idspaper/idspaper.html .
Fortunately, Nimda doesn't seem to include these mechanisms ;)

--
Eric Landuyt, Developper - mailto:eric@datarescue.com
DataRescue sa/nv, Home of the IDA Pro Disassembler - http://www.datarescue.com
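
Added example, not part of the original message or of any project it mentions: a byte-for-byte string match compared with a match on the canonicalized request target, run over constructed request lines. The signature `cmd.exe`, the function names and the sample lines are assumptions; the filter string used in the thread is not shown on this page.

```python
import re
from urllib.parse import unquote

# Assumed signature: the thread's actual filter string is not shown on this page.
SIGNATURE = "cmd.exe"
_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")  # IIS-style %uXXXX escape

def naive_match(request_line: bytes) -> bool:
    """Case-sensitive byte search, the way a per-packet string match sees it."""
    return SIGNATURE.encode() in request_line

def canonicalize(path: str, max_rounds: int = 4) -> str:
    """Decode %XX and %uXXXX escapes until the path stops changing, then lowercase."""
    for _ in range(max_rounds):
        decoded = _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
        decoded = unquote(decoded, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path.lower()

def normalized_match(request_line: bytes) -> bool:
    """Match the signature against the canonical form of the request target."""
    parts = request_line.split(b" ")
    target = parts[1] if len(parts) >= 2 else request_line
    return SIGNATURE in canonicalize(target.decode("latin-1"))

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    b"GET /x/cmd.exe HTTP/1.0",       # literal form
    b"GET /x/%63md.exe HTTP/1.0",     # one character percent-encoded
    b"GET /x/CMD.EXE HTTP/1.0",       # case change
    b"GET /x/%2563md.exe HTTP/1.0",   # double-encoded
    b"GET /x/%u0063md.exe HTTP/1.0",  # %uXXXX form
    b"GET /index.html HTTP/1.0",      # benign
]

def compare(samples=SAMPLES):
    """Return (naive, normalized) verdicts for each sample line."""
    return [(naive_match(s), normalized_match(s)) for s in samples]

if __name__ == "__main__":
    for line, (naive, norm) in zip(SAMPLES, compare()):
        print(f"naive={naive!s:5} normalized={norm!s:5} {line.decode('latin-1')}")
```

Canonicalization only covers encoding tricks in the request itself; the packet-level insertion and evasion cases from the linked paper need stream reassembly, which a per-packet string match does not perform.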