Thank you very much! That helps ...
Best regards
Bruno Leonhardt
LPI Level 1 Certified
Watchguard Certified System Professional
CLP Domino R5 System Administrator
"mailinglists"
Philipp - could you please give me a hint on how to build the rule for the pattern to filter out?
The rules are simple:

iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "default.ida" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string ".exe?/c+tftp" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "cmd.exe" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "root.exe" -j DROP

This is for Code Red and some other old stuff still trashing the net.
The pattern for Sobig I don't know, I'm afraid. If anybody does, please feel free to post it.
Philipp
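
A log-side complement to the packet filter rules quoted above, added here as an example and not part of the original thread: it scans web server access-log lines for the same four strings and counts hits per source address. The log format (Apache common/combined), the function name `scan` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Substrings taken from the iptables rules in the message above.
SIGNATURES = ("default.ida", ".exe?/c+tftp", "cmd.exe", "root.exe")

# Common/combined log format: client address first, request line in the first quoted field.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)"')

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Aug/2003:10:01:02 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [20/Aug/2003:10:01:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
198.51.100.7 - - [20/Aug/2003:10:02:11 +0200] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [20/Aug/2003:10:03:40 +0200] "GET /scripts/CMD%2EEXE?/c+dir HTTP/1.0" 404 300
this line is not in the expected format
"""


def scan(log_text):
    """Return (hits, skipped): hits counts (source, signature) pairs,
    skipped counts non-empty lines that could not be parsed."""
    hits = Counter()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        parts = m.group("request").split(" ") if m else []
        if len(parts) < 2:
            skipped += 1  # unparsable line or request line without a target
            continue
        # Percent-decode and lowercase the request target before matching.
        target = unquote(parts[1]).lower()
        for sig in SIGNATURES:
            if sig in target:
                hits[(m.group("src"), sig)] += 1
    return hits, skipped


if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for (src, sig), count in sorted(found.items()):
        print(f"{src}\t{sig}\t{count}")
    print(f"unparsed lines: {bad}")
```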