Re: how to block packets with specific words inside udp datagram???

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "hare ram" <hareram@sol.net.in>
To: netfilter@lists.netfilter.org
Subject: Re: how to block packets with specific words inside udp datagram???
Date: Mon, 13 Oct 2003 14:34:33 +0530	[thread overview]
Message-ID: <030701c39169$0547efe0$c2bf09ca@Housecall> (raw)
In-Reply-To: 000d01c390d6$89b13900$0201a8c0@leonardo

Hi

String is Pay load for the system
I have tried l7-filter
works well, look at this

l7-filter.sf.net

hare
----- Original Message ----- 
From: "Piotr P." <peterp@poczta.onet.pl>
To: <netfilter@lists.netfilter.org>
Sent: Sunday, October 12, 2003 9:05 PM
Subject: how to block packets with specific words inside udp datagram???


> Does anybody know how to block kaza with iptables ?
>
>     Kazza jump over ports, and hosts (if yopu block destinations to
> kazza.com, rr1.kazza.com & rr2.kazza.com kazza uses ip's of other users
that
> was cached during last downloading anything from anyone). The key is,
kazza
> use tah same word "KaZaA" inside an uupd datagram. Does any body know how
to
> block traffic with this word using iptables?
> Below is the sample dump:
>
> a sample dump using udp to communicate with the other users from its
> internal table and take note of different port  numbers used because these
> are the ports that had been previously connected...
>
> 11:03:23.343988 IP fooler.ilo.skyinet.net.1962 >
> cable-202-8-230-222.d-one.net.2911: udp 12
> 0x0000  4500 0028 a377 0000 8011 a5d5 ca4e 7642 E..(.w.......NvB
> 0x0010  ca08 e6de 07aa 0b5f 0014 c401 2700 0000 ......._....'...
> 0x0020  2980 4b61 5a61 4100                     ).KaZaA.
>
> 11:03:23.344282 IP fooler.ilo.skyinet.net.1962 > 202.8.251.31.1278: udp 12
> 0x0000  4500 0028 a378 0000 8011 9193 ca4e 7642 E..(.x.......NvB
> 0x0010  ca08 fb1f 07aa 04fe 0014 b621 2700 0000 ...........!'...
> 0x0020  2980 4b61 5a61 4100                     ).KaZaA.
>
> 11:03:23.344524 IP fooler.ilo.skyinet.net.1962 > 202.163.194.3.2844: udp
12
> 0x0000  4500 0028 a379 0000 8011 ca13 ca4e 7642 E..(.y.......NvB
> 0x0010  caa3 c203 07aa 0b1c 0014 e884 2700 0000 ............'...
> 0x0020  2980 4b61 5a61 4100                     ).KaZaA.
>
> 11:03:23.344762 IP fooler.ilo.skyinet.net.1962 > 202.69.170.153.3377: udp
12
> 0x0000  4500 0028 a37a 0000 8011 e1da ca4e 7642 E..(.z.......NvB
> 0x0010  ca45 aa99 07aa 0d31 0014 fe37 2700 0000 .E.....1...7'...
> 0x0020  2980 4b61 5a61 4100                     ).KaZaA.
>
>
>
>
> best regards,
> PeterP
>
> gadu-gadu: 818854
>         e-mail: peterp@poczta.onet.pl
>          www:  http://republika.pl/peterp
>             cell:  (++48) 606 675 729  (Mon - Fri, 8am-16pm ONLY!)
>            ICQ: 217990807
>
> -----------------------------------------------------------------------
> -----              Zapraszam na moje aukcje internetowe
>   -----
> -----         Lista auktualnych aukcji, zawsze pod
         -----
> ----- http://www.allegro.pl/show_user_auctions.php?uid=11609  -----
> -----------------------------------------------------------------------
>
>
>

     prev parent reply	other threads:[~2003-10-13  9:04 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-10-12 15:35 how to block packets with specific words inside udp datagram??? Piotr P.
2003-10-12 16:19 ` Cedric Blancher
2003-10-12 17:50 ` Chris Brenton
2003-10-12 18:59 ` Mark E. Donaldson
2003-10-13  9:04 ` hare ram [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='030701c39169$0547efe0$c2bf09ca@Housecall' \
    --to=hareram@sol.net.in \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.