From: "Darrell Dieringer" <netfilter@darrelldieringer.com>
To: netfilter@lists.samba.org
Subject: RE: Kaaza 2 jammer.
Date: Thu, 9 Jan 2003 12:58:38 -0600
Message-ID: <IMEDICLPAGAOCBLCCKLPGENAEKAA.netfilter@darrelldieringer.com>
In-Reply-To: <565759501.20030109180351@wp.pl>

I've always wondered something about the string matching, but never
having used it, I haven't researched it enough to know...

Wouldn't netfilter also see the string "KazzaClient" in this email
message? I can imagine how that might cause problems if the string
matching rules aren't well crafted.

I see in the example posted by Tomasz Wrona that it only applies to
tcp packets forwarded from the internal interface, narrowing the focus
quite a bit. But wouldn't that also block an email message having
that string if sent from an internal machine?

Of course, the sender of that message may have indeed sent it from a
client on his internal network, and since I'm reading it, it must have
worked as intended.

I imagine placing a string matching rule, like the example, _after_
rules which accept other legitimate traffic (like smtp) would work
completely fine.

Looking for education on the topic.

Darrell Dieringer - Madison, WI

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of
> Tomasz Wrona
> Sent: Thursday, January 09, 2003 11:04 AM
> To: netfilter@lists.samba.org
> Cc: lartc@mailman.ds9a.nl
> Subject: Kaaza 2 jammer.
>
>
> Hello,
>
> Some people asked about matching [blocking] Kaaza 2 sessions.
> So try this simple rule:
>
> iptables -I FORWARD -i $internal_interface -p tcp -m string
> --string "KazaaClient" -j REJECT --reject-with tcp-reset
> [Or maybe worth to try -j TARPIT]
>
> In the above rule I don't specify separate ports due to dynamic
> port allocation.
> This rule works fine, catches and resets completely Kaaza 1 and 2
> versions.
>
>
> Regards,
> tw
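
Added example, not part of the original messages or of netfilter's own code: a small Python model of first-match traversal of the FORWARD chain, showing how a payload string rule treats a mail message that quotes the string and how rule order changes the outcome. The interface name eth1, the port numbers and both packet payloads are constructed for illustration, and REJECT stands in for REJECT --reject-with tcp-reset.

```python
# Simplified model of first-match rule evaluation (not real netfilter code).
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    in_iface: str
    proto: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    target: str                      # "ACCEPT" or "REJECT"
    in_iface: Optional[str] = None   # models -i
    proto: Optional[str] = None      # models -p
    dport: Optional[int] = None      # models --dport
    string: Optional[bytes] = None   # models -m string --string

    def matches(self, p: Packet) -> bool:
        return ((self.in_iface is None or self.in_iface == p.in_iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                # The string match only sees raw payload bytes of one packet;
                # it has no notion of the application protocol carrying them.
                and (self.string is None or self.string in p.payload))

def verdict(chain, p, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

STRING_RULE = Rule("REJECT", in_iface="eth1", proto="tcp", string=b"KazaaClient")
SMTP_ACCEPT = Rule("ACCEPT", in_iface="eth1", proto="tcp", dport=25)

# Constructed packets: a client announcing itself on an arbitrary port,
# and an outbound mail whose body quotes the rule text.
p2p = Packet("eth1", "tcp", 40000, b"X-Constructed-Header: KazaaClient\r\n")
mail = Packet("eth1", "tcp", 25, b'... --string "KazaaClient" -j REJECT ...\r\n')

def compare_orderings():
    string_first = [STRING_RULE, SMTP_ACCEPT]  # -I FORWARD puts the rule at the head
    smtp_first = [SMTP_ACCEPT, STRING_RULE]    # mail accepted before the string rule
    return {name: (verdict(chain, p2p), verdict(chain, mail))
            for name, chain in (("string_first", string_first),
                                ("smtp_first", smtp_first))}

if __name__ == "__main__":
    print(compare_orderings())
```
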