[Dshield] Apparent Errors in Adaptive Firewall Tutorial

David Cary Hart DShield at TQMcube.com
Sun Dec 25 20:12:24 GMT 2005


This tutorial is in the current RSS feed linking to
http://isc.sans.org/diary.php?rss&storyid=962. There are a couple of apparent errors
- possibly Netfilter version issues or distribution.

iptables -A INPUT -p tcp -d my.mail.server --dport 25 --tcp-flags ACK \
 ACK -m string --string "rcpt to: decode" \
 -j LOG --log-prefix " SID664 "

[Needs "--algo" (This applies to the following two rules as well).]

	iptables -A INPUT -p tcp -d my.mail.server --dport 25 --tcp-flags ACK \
 	ACK -m string --algo bm --string "rcpt to: decode" \
 	-j LOG --log-prefix " SID664 "

iptables -A INPUT -m recent --name MAILPROBER -j DROP

[Needs "--update" (rcheck works but is inconsistent with the objective)]

	iptables -A INPUT -m recent --update --name MAILPROBER -j DROP

	
-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
              GeoGraphics: http://www.TQMcube.com/origins.php
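
An added example, not part of the original message: a POSIX shell lint that flags the two omissions pointed out above (`-m string` without `--algo`, `-m recent` without a mode option) in a list of iptables commands. The names `lint_rules` and `sample_rules` are chosen for this example, the sample input is constructed from the rules quoted in the message, and the check assumes any of the recent match's mode options (`--set`, `--rcheck`, `--update`, `--remove`) is acceptable.

```shell
#!/bin/sh
# Added example, not from the original post.
# Flags rules that use -m string without --algo, or -m recent without a
# mode option, the two omissions the post points out.

# Reads iptables commands on stdin, prints one finding per faulty rule.
lint_rules() {
    n=0
    # "read" without -r joins backslash-continued lines into one rule.
    while read line; do
        case "$line" in ''|'#'*) continue ;; esac
        n=$((n + 1))
        case "$line" in
            *"-m string"*)
                case "$line" in
                    *"--algo "*) ;;
                    *) echo "rule $n: -m string without --algo" ;;
                esac ;;
        esac
        case "$line" in
            *"-m recent"*)
                case "$line" in
                    *--set*|*--rcheck*|*--update*|*--remove*) ;;
                    *) echo "rule $n: -m recent without --set, --rcheck, --update or --remove" ;;
                esac ;;
        esac
    done
}

# Constructed sample: each original rule from the post, then its corrected form.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp -d my.mail.server --dport 25 --tcp-flags ACK \
 ACK -m string --string "rcpt to: decode" \
 -j LOG --log-prefix " SID664 "
iptables -A INPUT -p tcp -d my.mail.server --dport 25 --tcp-flags ACK \
 ACK -m string --algo bm --string "rcpt to: decode" \
 -j LOG --log-prefix " SID664 "
iptables -A INPUT -m recent --name MAILPROBER -j DROP
iptables -A INPUT -m recent --update --name MAILPROBER -j DROP
EOF
}

sample_rules | lint_rules
```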

