Firewall Wizards mailing list archives

RE: [despammed] Blocking IRC ....


From: "Jose Eduardo B. Nunes Martins" <jemart () student dei uc pt>
Date: Fri, 23 Jan 2004 22:00:06 +0000 (WET)

Is it my mistake or does this drop ALL packets with the specified strings?
Would an HTML page with those strings have its (or some of its) packets dropped?

On Mon, 19 Jan 2004, Eric Appelboom wrote:

Or if you really want to be classy using just IPTables use string
matching support

iptables -I INPUT -j DROP -p tcp -d 0.0.0.0/0 -m string --string "JOIN \: \#"
iptables -I INPUT -j DROP -p tcp -d 0.0.0.0/0 -m string --string "PRIVMSG "

http://www.securityfocus.com/infocus/1531

Cheers
Eric

-----Original Message-----
From: Eric Appelboom
Sent: 19 January 2004 10:54 AM
To: 'Vishwanath V'; firewall-wizards () honor icsalabs com
Subject: RE: [despammed] [fw-wiz] Blocking IRC ....

Use snort with flexresp

RULE-LOCKED:alert tcp $HOME_NET any -> !$SAFE_IRC any (msg:"CHAT IRC channel join"; flow:to_server,established; content:"JOIN \: \#"; nocase; offset:0; classtype:misc-activity; sid:1729;  rev:2; resp: rst_all;)
RULE-LOCKED:alert tcp $HOME_NET any -> !$SAFE_IRC any (msg:"CHAT IRC message"; flow:to_server,established; content:"PRIVMSG "; nocase; offset:0; classtype:misc-activity; sid:1463;  rev:3; resp: rst_all;)


I defined !$SAFE_IRC as the IRC server I don't block.
This also blocks IRC over nonstandard ports.

Regards
Eric

-----Original Message-----
From: Vishwanath V [mailto:thelinuxguyis () yahoo co in]
Sent: 14 January 2004 12:47 PM
To: firewall-wizards () honor icsalabs com
Subject: [despammed] [fw-wiz] Blocking IRC ....

Hi guys,
I just joined the list.
I need some help wrt iptables.
I have a Linux gateway machine acting as an IP_masq/firewall.
My policy is a basic deny all.
I want to block machines on my LAN from using an IRC client.

Thanks in advance.
Visu

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



-- 
JoseM
"Compaq are the most poorly designed PCs I've ever seen.." - Andrew
http://7mares.terravista.pt/zemartins
telnet://spunge.org:6969
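
Added example, not part of any message in this thread: a Python model of the match criteria of the two approaches quoted above, run over constructed packets, to show which traffic a payload-wide string match flags compared with the direction- and destination-scoped Snort rule. The HOME_NET and SAFE_IRC values, the addresses and the payloads are assumptions; chain placement and TCP state are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values for the variables the Snort rules reference (not given in the thread).
HOME_NET = ip_network("192.168.1.0/24")
SAFE_IRC = {ip_address("203.0.113.10")}
PATTERN = b"PRIVMSG "  # content string used by both approaches in the thread

@dataclass
class Packet:
    src: str
    dst: str
    to_server: bool  # True when sent by the side that opened the connection
    payload: bytes

def iptables_string_hit(p: Packet) -> bool:
    """Criteria of the iptables rule: TCP, any destination,
    exact-case bytes anywhere in the payload (modelled as case-sensitive)."""
    return PATTERN in p.payload

def snort_rule_hit(p: Packet) -> bool:
    """Criteria of the Snort rule: $HOME_NET -> !$SAFE_IRC,
    flow:to_server, content anywhere (offset:0, no depth), nocase."""
    return (ip_address(p.src) in HOME_NET
            and ip_address(p.dst) not in SAFE_IRC
            and p.to_server
            and PATTERN.lower() in p.payload.lower())

# Constructed sample traffic (documentation address ranges).
SAMPLES = {
    "irc_privmsg": Packet("192.168.1.20", "198.51.100.7", True, b"PRIVMSG #chan :hi\r\n"),
    "irc_lowercase": Packet("192.168.1.20", "198.51.100.7", True, b"privmsg #chan :hi\r\n"),
    "irc_to_safe_server": Packet("192.168.1.20", "203.0.113.10", True, b"PRIVMSG #ops :hi\r\n"),
    "html_download": Packet("198.51.100.80", "192.168.1.20", False,
                            b"HTTP/1.1 200 OK\r\n\r\n<p>Use PRIVMSG nick :text to chat</p>"),
    "http_form_post": Packet("192.168.1.20", "198.51.100.80", True,
                             b"POST /forum HTTP/1.1\r\n\r\nHow does PRIVMSG work?"),
}

def verdicts():
    """Return {sample name: (iptables_hit, snort_hit)} for every sample."""
    return {n: (iptables_string_hit(p), snort_rule_hit(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ipt, snort) in verdicts().items():
        print(f"{name:20} iptables-string={ipt!s:5} snort={snort}")
```

In this model the downloaded HTML page trips only the string match, while the outbound form post trips both, so scoping by direction and destination narrows the false positives without removing them.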