Hi,

I found this email interesting so I am forwarding it to the list.

---------- Forwarded message ----------
Date: Tue, 29 Jan 2002 09:43:19 +0100
From: Tommaso Di Donato <t.didonato@sicurweb.it>
To: focus-linux@securityfocus.com
Subject: Re: apache and nimbda

Hi!
You can use iptables on the same machine: if you patch it with the string
patch, you can drop packets with "cmd.exe", "root.exe", "default.ida", and so on...
Try something like this:

#!/bin/sh
#Put here your external interface
EXT_INT=eth1
iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string "/cmd.exe" -j DROP
iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string "/root.exe" -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# <and so on>

----------- End Forwarded message ----------

Regards,
David Correa

Public Key http://www.linux-tech.com/linuxtech.gpg
Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
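
Added example, not part of the forwarded message or of the original post: a rule generator for the three signatures named above that prints the iptables commands rather than running them, so the ordering can be reviewed first. Assumptions: the chain name HTTP_WORM is hypothetical, and "--algo bm" is included because the in-kernel string match on current iptables requires an algorithm to be named.

```shell
#!/bin/sh
# Added example: prints iptables commands for review instead of
# executing them (run the printed lines as root to apply).

EXT_INT=${EXT_INT:-eth1}      # external interface, as in the post
CHAIN=HTTP_WORM               # hypothetical chain name (assumption)
# Request fragments named in the forwarded message.
SIGNATURES="/cmd.exe /root.exe /default.ida"

gen_rules() {
    # A dedicated chain keeps the string rules together and easy to flush.
    echo "iptables -N $CHAIN"
    for sig in $SIGNATURES; do
        # --algo is mandatory for the string match on current kernels.
        echo "iptables -A $CHAIN -m string --algo bm --string \"$sig\" -j DROP"
    done
    # The HTTP request arrives after the handshake, on an ESTABLISHED
    # connection, so the jump is inserted at position 1 to make sure it
    # is evaluated before any state-based ACCEPT rule.
    echo "iptables -I INPUT 1 -i $EXT_INT -p tcp --dport 80 -j $CHAIN"
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Position (1-based) of the first generated rule matching a pattern,
# used to check rule ordering.
rule_pos() {
    gen_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

gen_rules
```

The string match inspects each packet's raw bytes on its own, so it acts as a noise filter for these probes rather than a complete block.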