Re: [suse-security] WEB IIS cmd exe requests
Hi Dove, I am sending the reply to the list as it was the palce you wanted it to go I believe, As sending to me only is probably not what you wanted :-) Please do not CC me as I am on the list. -- Togan Muftuoglu * dove; <dove@freemail.absa.co.za> on 19 Sep, 2001 wrote:
* teo@gecadsoftware.com; <teo@gecadsoftware.com> on 18 Sep, 2001 wrote:
I have this for the older ones: $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .ida -m state --state ESTABLISHED -j REJECT --reject-with tcp-reset
I guess we can just add another one for cmd.exe in place of `.ida'.
hi, could someone please send me the source for the strings module and a question : is this type of filtering allright for production systems ? doVe
Hi, Is this string module a standard module delivered with iptables? I wanted to implement the rule on my SuSE 7.2 masquarading box with kernel 2.4 and SuSEfirewall2, but the errormessage I got was dat the module for string could not be found. Thanks in advance Stefan van Lieshout. ----- Original Message ----- From: "Togan Muftuoglu" <toganm@users.sourceforge.net> To: "SuSE-Security" <suse-security@suse.com> Sent: Wednesday, September 19, 2001 9:35 AM Subject: Re: [suse-security] WEB IIS cmd exe requests
Hi Dove,
I am sending the reply to the list as it was the palce you wanted it to go I believe, As sending to me only is probably not what you wanted :-)
Please do not CC me as I am on the list. -- Togan Muftuoglu
* dove; <dove@freemail.absa.co.za> on 19 Sep, 2001 wrote:
* teo@gecadsoftware.com; <teo@gecadsoftware.com> on 18 Sep, 2001 wrote:
I have this for the older ones: $IPTABLES -I INPUT -p tcp --dport 80 -m string --string .ida -m state --state ESTABLISHED -j REJECT --reject-with tcp-reset
I guess we can just add another one for cmd.exe in place of `.ida'.
hi,
could someone please send me the source for the strings module and a question : is this type of filtering allright for production systems ?
doVe
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi istvan! On Wed, 19 Sep 2001, istvan wrote:
Hi,
Is this string module a standard module delivered with iptables? I wanted to implement the rule on my SuSE 7.2 masquarading box with kernel 2.4 and SuSEfirewall2, but the errormessage I got was dat the module for string could not be found.
yes and no, it comes with netfilter, but you you must enable it using `make patch-o-matic', or `make most-of-pom'. Beware if you are using an `-ac' kernel, that there's a compilation issue related to `max()' macro (if you wander wtf it doesn't compile :). gl -- teodor
Hi Togan! On Wed, 19 Sep 2001, Togan Muftuoglu wrote:
could someone please send me the source for the strings module
you can find it in the last netfilter package(@ netfilter.samba.org).
and a question : is this type of filtering allright for production systems ? dunno, string matching on packets doesn't sound fast, but it actually uses a really fast algorithm for matching.
do some testing on your machine to see the difference, mine is low traffic. ciao -- teodor
participants (3)
-
istvan -
teo@gecadsoftware.com -
Togan Muftuoglu