From: Anders Fugmann <afu@fugmann.dhs.org>
To: "Joe de Vera Jr." <jhoedv@we-amuse.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Filtering Nimda, Code Red and Code Red II
Date: Wed, 11 Sep 2002 11:21:50 +0200 [thread overview]
Message-ID: <3D7F0B2E.3050501@fugmann.dhs.org> (raw)
In-Reply-To: 00a601c259ee$57f815c0$6500a8c0@systemsadmin
Joe de Vera Jr. wrote:
> hello fellas,
>
> can i make use of the iptables scripting to disable the access pages... for
> example for code red it access /default.ida page while in nimda /root.exe
> and cmd.exe
To some extention yes. You should use the 'string' match and patch your
kernel to support it, but it may not work in all cases.
The best way to stop it is to configure your webserver to disallow any
requests with the specified string. The webserver knows of the http
protocol, iptables does not.
--
Author of FIAIF
FIAIF is an Intelligen/Iptables Firewall
http://fiaif.fugmann.dhs.org
next prev parent reply other threads:[~2002-09-11 9:21 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-09 12:40 Is DIVERT w/o forwarding feasible? Yury Bokhoncovich
2002-09-11 8:16 ` Anders Fugmann
2002-09-11 13:39 ` Yury Bokhoncovich
2002-09-11 14:08 ` Anders Fugmann
2002-09-11 15:37 ` Antony Stone
2002-09-12 4:21 ` Yury Bokhoncovich
2002-09-11 23:50 ` using iptables to filter nimda. code red virus Joe de Vera Jr.
2002-09-13 9:57 ` Martijn Klingens
2002-09-13 10:21 ` Antony Stone
2002-09-11 23:52 ` Filtering Nimda, Code Red and Code Red II Joe de Vera Jr.
2002-09-11 9:21 ` Anders Fugmann [this message]
2002-09-11 10:42 ` Maciej Soltysiak
2002-09-11 12:48 ` Antony Stone
2002-09-11 13:59 ` Ramin Alidousti
2002-09-11 14:08 ` Roy Sigurd Karlsbakk
2002-09-11 14:40 ` Ramin Alidousti
2002-09-11 14:50 ` Antony Stone
2002-09-11 14:13 ` Antony Stone
2002-09-11 11:10 ` Martijn Klingens
2002-09-11 9:58 ` Fabrice MARIE
2002-09-11 12:00 ` Antony Stone
2002-09-12 6:38 ` Torge Szczepanek
2002-09-13 8:28 ` Jozsef Kadlecsik
2003-04-24 11:56 ` Is DIVERT w/o forwarding feasible? Yury Bokhoncovich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3D7F0B2E.3050501@fugmann.dhs.org \
--to=afu@fugmann.dhs.org \
--cc=jhoedv@we-amuse.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.