Re: iptables anti-nimda anyone?
From: teo@gecadsoftware.com
Date: 09/24/01
- Previous message: Eric Landuyt: "Re[2]: iptables anti-nimda anyone?"
- In reply to: R Dicaire: "Re: iptables anti-nimda anyone?"
- Next in thread: Manuel Guesdon: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Sep 2001 12:21:05 +0300
From: teo@gecadsoftware.com
To: <focus-linux@securityfocus.com>
Subject: Re: iptables anti-nimda anyone?
Message-ID: <20010924122105.B19682@gecadsoftware.com>
Hi R!
On Fri, 21 Sep 2001, R Dicaire wrote:
> Forwarded From: Sven Michels <smichels@intradat.com>
>
> > if you've patched the kernel with string match support: yes:
> > $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .exe? -m state \
> > --state ESTABLISHED -j REJECT --reject-with tcp-reset
> > (same works with .ida for the old one)
>
> Where can this patch be had if its not included with the kernel, or iptables
> src? I can see where having this string filter could be handy.
it's not activated by default (considered experimental); you must run `make
patch-o-matic' or `most-of-pom' (iirc) if you want it in (and yep, in the iptables
src).
> Also, could this filter rule be bypassed with some unicode representation of
> said string?
good point.
as far as I could understand from ipt_string.c it matches exactly the string
that was provided, so it can be tricked (unless you come up with several versions
of the rule to take that into account).
ciao
-- teodor
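The bypass Teodor describes, as an added example that is not part of the thread and not code from ipt_string.c: a plain byte substring search (what the quoted `-m string --string .exe?` rule does) is modelled in Python, run over a few constructed request lines shaped like the Nimda `root.exe?/c+dir` probes, and compared with the "several versions of the rule" approach and with matching after percent-decoding. The probe lines, the `%uXXXX` handling and the function names are assumptions made for illustration.

```python
# Added example (not from the thread or from iptables): why a literal string
# match can be evaded by re-encoding the matched bytes, and what the two
# obvious fixes (extra rule variants, decoding before matching) do and don't buy.
import re
from urllib.parse import unquote_to_bytes

# Constructed request lines, modelled on Nimda's root.exe probes. Only the
# first one contains the literal bytes ".exe?" on the wire.
NIMDA_STYLE_PROBES = [
    b"GET /scripts/root.exe?/c+dir HTTP/1.0\r\n",       # plain
    b"GET /scripts/root%2Eexe?/c+dir HTTP/1.0\r\n",     # '.' percent-encoded
    b"GET /scripts/root.ex%65?/c+dir HTTP/1.0\r\n",     # 'e' percent-encoded
    b"GET /scripts/root%u002Eexe?/c+dir HTTP/1.0\r\n",  # IIS %uXXXX form
    b"GET /scripts/root%252Eexe?/c+dir HTTP/1.0\r\n",   # double-encoded '.'
]


def literal_match(packet: bytes, needle: bytes) -> bool:
    """Model of the quoted rule: a byte substring search over the payload,
    with nothing decoded (ipt_string matches exactly the string given)."""
    return needle in packet


def rule_variants(needle: bytes) -> list:
    """The 'several versions of the rule' approach: the plain string plus one
    variant per byte with that byte percent-encoded (upper- and lower-case hex)."""
    out = [needle]
    for i, b in enumerate(needle):
        for fmt in (b"%%%02X", b"%%%02x"):
            out.append(needle[:i] + fmt % b + needle[i + 1:])
    return out


def variant_match(packet: bytes, needle: bytes = b".exe?") -> bool:
    return any(literal_match(packet, v) for v in rule_variants(needle))


_PCT_U = re.compile(rb"%u([0-9a-fA-F]{4})")


def decode_once(data: bytes) -> bytes:
    """One decoding pass: the IIS-specific %uXXXX form (ASCII range only,
    assumed here for illustration) followed by standard %XX decoding."""
    def _u(m):
        cp = int(m.group(1), 16)
        return bytes([cp]) if cp < 0x80 else m.group(0)
    data = _PCT_U.sub(_u, data)
    return unquote_to_bytes(data)


def normalize(data: bytes, rounds: int = 3) -> bytes:
    """Decode repeatedly until stable (bounded) so double encoding is undone."""
    for _ in range(rounds):
        nxt = decode_once(data)
        if nxt == data:
            break
        data = nxt
    return data


def normalized_match(packet: bytes, needle: bytes = b".exe?") -> bool:
    """Match on the decoded, case-folded request rather than the raw bytes."""
    return needle.lower() in normalize(packet).lower()


def evaluate(probes=NIMDA_STYLE_PROBES, needle: bytes = b".exe?"):
    """Per probe: (literal rule hit, rule-variants hit, normalized hit)."""
    return [
        (literal_match(p, needle), variant_match(p, needle), normalized_match(p, needle))
        for p in probes
    ]


if __name__ == "__main__":
    for probe, result in zip(NIMDA_STYLE_PROBES, evaluate()):
        print(probe.split(b" ")[1].decode(), result)
```

Only the first probe trips the literal rule; adding one rule per single-byte encoding catches the next two but still misses the `%u` and double-encoded forms, and every new encoding the attacker thinks of needs another rule. Decoding before matching is what a web server or an HTTP-aware IDS does, and it is not something a per-packet string match can do: ipt_string looks at one packet's payload, so a request split across two segments also escapes the rule, which is why this kind of filter is a stopgap in front of a patched server rather than a substitute for one.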