Tabris wrote:
> Ok, I admit to finding a message in the archive that mentioned that we're
> not supposed to use ipt_string for stopping code red and such (it says
> there's an FAQ entry for it, which I did not find), so first, I'd like to
> ask where this FAQ entry is...

It's actually in the Netfilter-Extensions FAQ, under -m strings module.

>
> second, I've been using ipkungfu to attempt to stop codered, nimda, etc
> from hitting my apache server and clogging up my logs.
>
> It's not working, the rules never trigger. I've played around with it to
> no avail.

Which doesn't work? ipt_string or ipkungfu, or both? Have you installed the kernel patch and recompiled your kernel?

> I guess, if this doesn't work, and isn't supposed to work, what SHOULD I
> do?

Find an alternative, I guess. I too have been trying to figure this out myself, but I suppose ipt_string wasn't meant to be used like that (though I can't see why not, but that's a different topic). I was told to use the correct tool for the job. Snort w/ snortsam is the type of setup I'm using right now, though I'm still figuring out if it is indeed working. The logs are showing a decrease in junk, but still, some are seeping through. *sigh*

> I'm using a kernel 2.4.22-pre series kernel with some patch-o-matic
> iptables patches. I hope this doesn't end up being another of those
> stupid questions that never gets answered.

I don't know. What do you think? ;)