Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] HTTP Strange LOG
  • From: Peter van den Heuvel <peter@xxxxxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2003 13:15:47 +0200
  • Message-id: <3F0D4AE3.40007@xxxxxxxxxxxxxxxx>
> With iptables you can look into the tcp-traffic using the mangle-option.
> By letting through only established IP connections, you can filter out
> connections like that from scanners or connections that use a not
> related protocol that is allowed on that port.

At least read the man pages and the Linux Advanced Routing & Traffic Control HOWTO before you post on the subject. Your statement is quite wrong and confuses many concepts and facts. For one thing, "mangle" is not an option to look into traffic. It is one of the various tables (specifically intended for packet alteration) of rules that iptables manages.

>> 2) Code red is a worm and its propagation does not relate to it also being a trojan.
> Ok the security-risk is not so much. That is only an act of cling.

No. The question was "how do I protect my webserver from getting affected by this traffic". That relates to the worm capabilities and has nothing to do with the fact that the thing also happens to be a trojan.

>> Code red in fact uses http over port 80. In fact a mighty security suggestion: block port 80 towards your web-server.
> Block port 80 for some known addresses and mangle the connections on port
> 80 toward your webserver. Blocking all toward the webserver can cause
> that no webpages can be requested from outside. I think.

Sigh... OK, I forgot the <joke> and </joke> quotes around this statement. Anybody else got confused there?

I'm not going to reply to this nonsense anymore.

Peter


PS. And please simply post to the list; most posters read it and do not require the carbon copy. Thanks.

