Re: Question on IPTables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Use a web browser and send the cmd.exe attack string to a server the 
firewall is protecting and see if it drops your connectin and is logged.

or just wait a while...someone will surely scan that server with the 
CodeRed signature.

On Tue, 18 Jun 2002, Pyuesh Daya wrote:

> 
> Hi Guys
> 
> Has anybody tried to --string command to match a header string and deny the packet. For example :
> 
> $IPTABLES -t filter -I FORWARD -i eth0 -p tcp --dport 80 -m string --string="cmd.exe" -j LOG --log-level $LOGLEVEL --log-prefix "String Header Match"
> 
> How would I actually check if this works.
> 

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux