Perhaps the most important point here is that the script kiddies and/or
bots usually make sure the target string, 'login' in your example is *not*
contained within a single packet. You can verify this with wireshark. In
any case just be aware that your solution will likely not have the desired
effect.
This a decent read: http://spamcleaner.org/en/misc/w00tw00t.html
Specifically the Conclusion section near the bottom.
On Wed, 31 Aug 2011, Always Learning wrote:
>
> On a VPS I wanted to add to IP tables:-
>
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
> iptables: Unknown error 18446744073709551615
>
> uname -a = 2.6.35.4 #2 (don't know how this got installed)
>
> lsmod | grep ipt = ipt_LOG 5419 2
>
> yum upgrade iptables* = nothing to install.
>
> ---------------------------------------
>
> On a standalone server (C 5.6)
>
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> is accepted.
>
> uname -a = 2.6.18-274.el5 #1
>
> lsmod | grep ipt =
> ipt_LOG 39617 1
> iptable_filter 36161 1
> ip_tables 55457 1 iptable_filter
> x_tables 50505 6
> xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables
>
> ------------------------------------------------
>
> Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).
>
> Thank you.
>
> Paul.
>
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
