Re: ipchains --string on http

2002-08-13 Thread Nadav Har'El
On Wed, Aug 14, 2002, Oleg Kobets wrote about "Re: ipchains --string on http": > you forget that HTTP is stateless protocol. after one GET you will be > disconnected. This is only strictly true in HTTP 0.9, a standard that nobody is using for at least 5 years. You can make requ

Re: ipchains --string on http

2002-08-13 Thread Oleg Kobets
quot; <[EMAIL PROTECTED]>; "My Own Private List" <[EMAIL PROTECTED]> Sent: Tuesday, August 13, 2002 10:24 PM Subject: Re: ipchains --string on http > Quoth Guy Cohen: > > > yes, but why netfilter transfers the connection to apache in the first > > place? &g

Re: ipchains --string on http

2002-08-13 Thread Official Flamer/Cabal NON-Leader
Quoth Guy Cohen: > yes, but why netfilter transfers the connection to apache in the first > place? Do it manually ;-)... ---cuttez---dicez---removez---slicez---ambutez---choppez--- telnet foo.bar.com 80 GET / GET /zumbu.html GET /root.exe/uweriwurhiwu?39804759834579suhfksdfhksjdf/389457983457

Re: ipchains --string on http

2002-08-13 Thread Guy Cohen
On Tue, Aug 13, 2002 at 11:01:56PM +0300, Official Flamer/Cabal NON-Leader wrote: > > Therefore, you CANNOT prevent logging info without KNOWING in advance > that some form of an attack is going to be following a legal connection, > OR having the kernel inform the application (i.e. netfilter info

Re: ipchains --string on http

2002-08-13 Thread Official Flamer/Cabal NON-Leader
Quoth Official Flamer/Cabal NON-Leader: > The version I have does not have THAT. Mine's Debian, so they COULD have > chopped it out. Or, it could have been the other way around - it is not Yes, debian HAS compiled netfilter without extensions. ==

Re: ipchains --string on http

2002-08-13 Thread Official Flamer/Cabal NON-Leader
Quoth Guy Cohen: > On Tue, Aug 13, 2002 at 09:59:40PM +0300, Official Flamer/Cabal NON-Leader wrote: > > assume you have developed it yourself. If I am mistaken, please indicate > > which version of iptables you are using. > > 1.2.6a > look in README The version I have does not have THAT. Mine'

Re: ipchains --string on http

2002-08-13 Thread Guy Cohen
On Tue, Aug 13, 2002 at 09:59:40PM +0300, Official Flamer/Cabal NON-Leader wrote: > Quoth Guy Cohen: > > > Hello, > > > > I'm trying to discarded all those annoying windows unicode breakin attempts, > > iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string "cmd.exe" > > Since as of i

Re: ipchains --string on http

2002-08-13 Thread Official Flamer/Cabal NON-Leader
Quoth Guy Cohen: > Hello, > > I'm trying to discarded all those annoying windows unicode breakin attempts, > iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string "cmd.exe" Since as of iptables v1.2.6a I can find no such match rule or option, I assume you have developed it yourself.