|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [suse-security] iptables rules for HTML Form Protocol Attack
From: studio3arc.com Admin (admin
studio3arc.com)
Date: Thu Jul 10 2003 - 11:24:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well they seem to be posting to port 25. If your not using port 25 for
anything specific then just block the port. Other wise you can enable
the string option in Iptables to search for a specific text then drop
it.
>
> Hi All,
>
> Last days I often see below messages in Apache log files:
> 1.1.1.1 - - [09/Jul/2003:17:32:00+0200] "POST
> http://11.1.106.18:25/ HTTP/1.1" 200 475 > "-" "-"
>
> I suspect
> some kind of HTML protocol attack and want to stop this. Can I
> do it somehow with IP-Tables as it is already installed on
> the server or
> do you have any other ideas? I use SuSE 8.1 and SuSEfirewall2
> with SuSEfirewall2-custom rules.
>
> Thanks for your replies.
>
>
> Muammer
>
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]