Re: AW: AW: Re: AW: [suse-security] IPTables and filtering Traffic based on content ( e.g. sobig )
thank you very much! that helps ...

Best regards
Bruno Leonhardt
LPI Level 1 Certified
Watchguard Certified System Professional
CLP Domino R5 System Administrator

"mailinglists" <mailinglists@belfin.ch> wrote on 25.08.2003 11:19:40:
Philipp - could you please give me a hint how to build the rule for the pattern to filter out ???
the rules are simple:

iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "default.ida" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string ".exe?/c+tftp" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "cmd.exe" -j DROP
iptables -A INPUT -p 6 -s 0/0 -d $ip_laneth --dport 80 -m string --string "root.exe" -j DROP

this is for code red and some other old stuff still trashing the net.
the pattern for sobig I don't know, I'm afraid. If anybody does, please feel free to post it.
Philipp
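
The rules quoted above, generated from a signature list and with each match logged before it is dropped; this is an added example, not part of the original post. It assumes a current iptables, where the string match requires --algo, and the WEBSIG chain name, the log prefix and the fallback address are hypothetical. The script only prints the commands and does not touch the firewall.

```shell
#!/bin/sh
# Added example: print (do not apply) string-match rules for the
# request patterns quoted in the thread.
# Assumption: iptables 1.4+ on kernel 2.6.14+, where -m string needs --algo.

# Destination address of the web server; 192.0.2.10 is a constructed
# documentation address used when $ip_laneth is not set.
ip_laneth="${ip_laneth:-192.0.2.10}"

# One pattern per line, exactly as quoted in the thread.
signatures() {
cat <<'EOF'
default.ida
.exe?/c+tftp
cmd.exe
root.exe
EOF
}

gen_rules() {
    # Dedicated chain (hypothetical name WEBSIG): port-80 traffic is
    # selected once, then tested against every pattern.
    echo "iptables -N WEBSIG"
    echo "iptables -A INPUT -p tcp -d $ip_laneth --dport 80 -j WEBSIG"
    signatures | while IFS= read -r sig; do
        [ -n "$sig" ] || continue
        match="-m string --algo bm --string \"$sig\""
        # Rate-limited LOG first, so a flood of probes cannot fill the disk.
        echo "iptables -A WEBSIG $match -m limit --limit 6/min -j LOG --log-prefix \"WEBSIG drop: \""
        echo "iptables -A WEBSIG $match -j DROP"
    done
}

gen_rules
```

The string match inspects each packet on its own, so rules like these reduce log noise from old worms but do not replace patching the web server.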