Hi,

On 19-Sep-01 Fluffy Bananachunks wrote:
On Tuesday 18 September 2001 10:27 am, you wrote:
I have this for the older ones:

    $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .ida -m state --state ESTABLISHED -j REJECT --reject-with tcp-reset

After searching google and man, I'm guessing that there's no equivalent for ipchains, and that a second tool such as Snort or the like would need to be used in my case...?
You're right, there's no such thing as stateful inspection with ipchains; you should use Snort as well if you want to tap into the flow of packets. The latest Snort rules contain attack signatures for the Unicode exploit/cmd.exe, but you should be able to construct some default.ida rules yourself. Writing Snort rules is not too difficult and is heavily documented. Just take a look at http://www.snort.org .
TIA geo
Boris Lorenz
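
The kind of default.ida rule the reply suggests writing, shown as an added example that is not part of the original thread and not taken from the official Snort rule set. It assumes Snort 2.x rule syntax, that `$EXTERNAL_NET` and `$HTTP_SERVERS` are defined in snort.conf, and uses constructed sid values and messages; load one rule or the other, not both.

```snort
# Added example, not from the original thread. Snort 2.x syntax assumed.
# sid values are constructed, taken from the local range (>= 1000000).

# Counterpart of:
#   -p tcp --dport 80 -m string --string .ida -m state --state ESTABLISHED
# flow:to_server,established  ~ --state ESTABLISHED, client-to-server side only
# uricontent:".ida"; nocase   ~ --string .ida, matched case-insensitively
#                               against the request URI instead of the raw packet
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"LOCAL .ida ISAPI request"; flow:to_server,established; uricontent:".ida"; nocase; classtype:web-application-attack; sid:1000001; rev:1;)

# Same match with an active reset, the counterpart of
#   -j REJECT --reject-with tcp-reset
# The resp keyword only works if Snort was built with flexible response support.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"LOCAL .ida ISAPI request, reset sent"; flow:to_server,established; uricontent:".ida"; nocase; resp:rst_all; classtype:web-application-attack; sid:1000002; rev:1;)
```

Unlike the iptables rule, a passively sniffing Snort is not in the packet path, so the reset in the second rule races the request rather than dropping it.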