Re: (no subject)


 



On Sat, 04 Sep 2004 at 11:12, Newbie wrote:
> Hi,
>  
> I am not an expert in the whole packet filtering thing (hence my nickname), but I have heard previously that it is possible to send a 'fake packet'. By this, I mean that let's say the packet header is a TCP packet, whereas the body content is something nasty. Does IP tables filter this sort of packet, or would it be more down to the IDS such as snort?
> 
> Thanks
> 
> Antony

Iptables rules usually don't inspect the content of the packet, and even
when using 'string' or something similar the inspection is very basic;
besides, the body data can be coded in many ways (HTTP is an example)
that can fool 'string'. You need an IDS that reassembles the sessions
and inspects them to see if the content of the packet is really
'nasty'.


-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
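
The point made in the reply above, as an added example that is not part of the original message and is not iptables or Snort code: a per-packet byte match is compared with a check that first reassembles the TCP stream and decodes the HTTP request target. The function names, the pattern and the sample segments are all constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

SIGNATURE = b"/etc/passwd"  # constructed sample pattern a content rule might look for

def per_packet_match(segments, pattern=SIGNATURE):
    """Mimic a per-packet byte match: every payload is checked on its own."""
    return any(pattern in payload for _seq, payload in segments)

def reassemble(segments):
    """Rebuild the byte stream from (relative_seq, payload) pairs.

    Tolerates out-of-order arrival and retransmitted or overlapping data
    (the first copy of a byte wins). Stops at the first gap.
    """
    stream = bytearray()
    for seq, payload in sorted(segments):
        if seq > len(stream):
            break  # hole in the stream: nothing after it can be placed yet
        stream += payload[len(stream) - seq:]
    return bytes(stream)

def session_match(segments, pattern=SIGNATURE):
    """Reassemble the session, decode %XX escapes in the request target, then match."""
    request_line = reassemble(segments).split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    target = parts[1] if len(parts) >= 2 else request_line
    return pattern in unquote_to_bytes(target)

# Constructed sample sessions: (relative sequence number, TCP payload)
PLAIN = [(0, b"GET /etc/passwd HTTP/1.0\r\n\r\n")]
SPLIT = [(11, b"sswd HTTP/1.0\r\n\r\n"), (0, b"GET /etc/pa")]  # arrives out of order
ENCODED = [(0, b"GET /etc/%70asswd HTTP/1.0\r\n\r\n")]          # %70 decodes to 'p'
BENIGN = [(0, b"GET /index.html HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("split", SPLIT),
                          ("encoded", ENCODED), ("benign", BENIGN)]:
        print(f"{name:8} per-packet={per_packet_match(session)!s:5} "
              f"session={session_match(session)}")
```

Only the unsegmented, unencoded request is caught by the per-packet check; the session-level check flags all three variants and leaves the benign request alone.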


