From: cc <cc@belfordhk.com>
To: Netfilter Group <netfilter@lists.netfilter.org>
Subject: Re: ipt_string problems and FAQ
Date: Mon, 01 Sep 2003 09:41:09 +0800
Message-ID: <3F52A3B5.6090606@belfordhk.com>
In-Reply-To: <200308271319.29439.tabris@tabris.net>

Tabris wrote:
> Ok, I admit to finding a message in the archive that mentioned that we're
> not supposed to use ipt_string for stopping code red and such (it says
> there's an FAQ entry for it, which I did not find), so first, I'd like to
> ask where this FAQ entry is...

It's actually in the Netfilter-Extensions FAQ, under -m strings module.

>
> second, I've been using ipkungfu to attempt to stop codered, nimda, etc.
> from hitting my apache server and clogging up my logs.
>
> It's not working, the rules never trigger. I've played around with it to
> no avail.

Which doesn't work? ipt_string or ipkungfu, or both? Have you
installed the kernel patch and recompiled your kernel?

> I guess, if this doesn't work, and isn't supposed to work, what SHOULD I
> do?

Find an alternative, I guess. I too have been trying to figure
this out myself, but I suppose ipt_string wasn't meant to be used
like that (though I can't see why not, but that's a different
topic). I was told to use the correct tool for the job.

Snort w/ snortsam is the type of setup I'm using right now, though
I'm still figuring out if it is indeed working. The logs are
showing a decrease in junk, but still, some are seeping through.

*sigh*

> I'm using a kernel 2.4.22-pre series kernel with some patch-o-matic
> iptables patches. I hope this doesn't end up being another of those
> stupid questions that never gets answered.

I don't know. What do you think? ;)