Re: Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 08/31/11 9:00 AM, Always Learning wrote:

> No I do not want "another piece of software to parse the http protocol
> and analyze the traffic".
>
> IT Tables, in which I have great confidence and trust, can do it.

iptables will filter on packet headers and such at layer 3, it can't and 
won't analyze the content of packets, regardless of your emotional 
attachments.



>> >  of course, to even consider doing such you would have to, in very
>> >  precise terms, define exactly what comprises a 'hacking attempt'.   do
>> >  you give this filter a list of all valid URLs and trigger your block on
>> >  any that aren't on that list?
> My definition: a hacking attempt is deliberately, meaning not a typing
> error, sending an invalid web page request. Obviously one should exclude
> the 'standard' wrong URLs issued by some software like the M$ Office
> responses and crossdomain requests.

I said precisely.  computers don't understand 'deliberate' vs 'typing 
error', those are subjective measures.

-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux