Use a web browser and send the cmd.exe attack string to a server the firewall is protecting and see if it drops your connection and is logged. Or just wait a while... someone will surely scan that server with the CodeRed signature.

On Tue, 18 Jun 2002, Pyuesh Daya wrote:

> Hi Guys
>
> Has anybody tried the --string command to match a header string and deny the packet? For example:
>
> $IPTABLES -t filter -I FORWARD -i eth0 -p tcp --dport 80 -m string --string="cmd.exe" -j LOG --log-level $LOGLEVEL --log-prefix "String Header Match"
>
> How would I actually check if this works?
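
One way to check the logging side of this, as an added example that is not part of the original messages: a shell function that picks the entries carrying the rule's `String Header Match` prefix out of kernel log text and counts them per source, destination and port. The log lines, host name `fw` and addresses are constructed samples; the prefix runs straight into `IN=` because the prefix in the rule has no trailing space.

```shell
#!/bin/sh
# Added example: summarise hits of the string-match LOG rule from kernel log text.
PREFIX='String Header Match'   # value of --log-prefix in the rule from the post

# Constructed sample kernel log lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Jun 18 14:02:11 fw kernel: String Header MatchIN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 LEN=112 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Jun 18 14:02:15 fw kernel: SSH attemptIN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=99 DF PROTO=TCP SPT=40200 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 18 14:03:40 fw kernel: String Header MatchIN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 LEN=112 TOS=0x00 PREC=0x00 TTL=52 ID=4388 DF PROTO=TCP SPT=40117 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Jun 18 14:05:02 fw kernel: String Header MatchIN=eth0 OUT=eth1 SRC=198.51.100.23 DST=192.0.2.10 LEN=98 TOS=0x00 PREC=0x00 TTL=47 ID=771 DF PROTO=TCP SPT=51822 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
EOF
}

# Read log lines on stdin; print "count src dst dport", busiest first.
string_match_hits() {
  awk -v prefix="$PREFIX" '
    # Keep only entries written by our rule (prefix may be glued to IN=).
    index($0, prefix) == 0 { next }
    {
      src = dst = dpt = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      hits[src " " dst " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_log | string_match_hits
```

On the firewall itself, feed the function the kernel messages instead of the sample, for example `dmesg | string_match_hits`. The `LOG` target only records the packet and lets it continue through the chain, so a logged hit shows that the string matched, not that the connection was dropped.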