Hello, Yes, the strings module for netfilter is still in testing, however, I have been running the solution outlined below for some months now and have had no problems with it. The repository for the patch-o-matic patches for netfilter are available via CVS from the following server: :pserver:cvs@pserver.samba.org:/cvsroot (There is no password). The repository to checkout is 'netfilter', detailed installation instructions are included in userspace/INSTALL. On Wed, Jan 30, 2002 at 09:52:49AM +0530, Dharmendra.T wrote: > Hello All > I think string patch for the kernel is still under testing! > : ( > Dharmu > ----- Original Message ----- > From: David Correa <tech@linux-tech.com> > To: <security-discuss@linuxsecurity.com> > Sent: Wednesday, January 30, 2002 5:57 AM > Subject: apache and nimbda (fwd) > > > > Hi, > > > > I found this email interesting so I > > forwarding it to the list. > > > > ---------- Forwarded message ---------- > > Date: Tue, 29 Jan 2002 09:43:19 +0100 > > From: Tommaso Di Donato <t.didonato@sicurweb.it> > > To: focus-linux@securityfocus.com > > Subject: Re: apache and nimbda > > > > Hi! > > You can use iptables on the same machine: if you patch it with the string > > patch, you can drop packet with "cmd.exe", "root.exe", "default.ida", and > > so on... > > Try something like this: > > > > #!/bin/sh > > #Put here your external interface > > EXT_INT=eth1 > > > > iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string > > "/cmd.exe" -j DROP > > iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string > > "/root.exe" -j DROP > > iptables -A INPUT -m state --state REALTED,ESTABLISHED -j ACCEPT > > <and so on> > > ----------- End Forwarded message ---------- > > > > Regards, > > > > David Correa > > Public Key http://www.linux-tech.com/linuxtech.gpg > > Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8 > > > > > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. -- shiftee <shiftee@manifestation.org> ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
