From: David Cannings <lists@edeca.net>
To: netfilter@lists.netfilter.org
Subject: Re: Can netfilter do this?
Date: Thu, 25 Mar 2004 12:20:09 +0000 [thread overview]
Message-ID: <200403251220.09559.lists@edeca.net> (raw)
In-Reply-To: <4062C994.5000506@rochester.rr.com>
On Thursday 25 March 2004 11:59, Joe Mott wrote:
> I have been searching the archived lists without any success to have
> the following question answered:
>
> Is netfilter capable of knowing when someone is crafting SMTP (or FTP
> or HTTP or ...) packets that violate RFC rules to exploit a
> vulnerability in some server?
No, that is the job for some form of IDS, such as Snort. Whilst netfilter
can look inside the contents of packets it can only do so on a packet by
packet basis. An HTTP request, SMTP conversation (etc) is likely to be
so large it spans multiple packets. When text wraps the boundary of one
packet netfilter can no longer help, some form of reassembly is required
before the "full" text can be read and taken into context.
David
next prev parent reply other threads:[~2004-03-25 12:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-25 11:59 Can netfilter do this? Joe Mott
2004-03-25 12:14 ` Gavin Hamill
2004-03-25 12:20 ` David Cannings [this message]
2004-03-25 12:33 ` Ray Leach
2004-03-25 21:56 ` Frederic de Villamil
-- strict thread matches above, loose matches on Subject: below --
2004-03-25 17:23 Daniel Chemko
2004-03-25 20:53 Small, Jim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200403251220.09559.lists@edeca.net \
--to=lists@edeca.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox