RE: [suse-security] RE: does anybody know such a log
Also I'm feeding my reverse proxy with acl nimdaworm urlpath_regex -i \.eml$ http_access deny nimdaworm acl nimda1 url_regex README.EML acl nimda2 url_regex root.exe acl nimda3 url_regex cmd.exe acl nimda4 url_regex readme.eml acl nimda5 url_regex readme.exe acl nimda6 url_regex default.ida http_access deny nimda1 http_access deny nimda2 http_access deny nimda3 http_access deny nimda4 http_access deny nimda5 http_access deny nimda6 I think, that should do it. Philipp
-----Original Message----- From: Wolfgang Kueter [mailto:wolfgang@shconnect.de] Sent: Friday, October 11, 2002 10:51 PM To: suse-security@suse.com Subject: RE: [suse-security] RE: does anybody know such a log
On Fri, 11 Oct 2002 mailinglists@belfin.ch wrote:
Can't tell you, but I found some antidote against such stuff in the internet:
[iptables -m string --string "pattern"]
well, the stuff from the patch-o-matic and some of that stuff is not very stable, however you might try. Both SuSE default kernels 2.4.28 and 2.4.19 that came with the two last version offer the module already, so can run tests even with the default kernel.
A simple modprobe ipt_string should be enough.
I'd believe that this pattern matching will be quite CPU consuming, anyway, why not try it.
Wolfgang -- shconnect Internet Service web: http://www.shconnect.de EMail: info@shconnect.de Bundesstrasse 2, 24392 Dollrottfeld, Fed. Rep. Germany phone: +49 4641 644
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (1)
-
mailinglists@belfin.ch