Lavinius Romio Petru babbled on about: > So far so good, but you can be using --sport too to only allow > connections from priveleged ports, and I olso played with something like
example? where in this code would it go? advantages? disadvantages? > this > /sbin/iptables -I INPUT -i eth0 -p tcp --tcp-flags ACK ACK --dport 80 \ > -m string --string 'cmd.exe' -j REJECT --reject-with tcp-reset > and add it permanent for a few days as well as for root.exe, but it > looks good so far!!! actually, I prefer to let the hits in, as I have things in place to trap them and .. uh.. "deal" with the offending machine <g> (check the archives from mail-archive.com to see the details.. -- Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778 Admin: Linux StepByStep - http://linux.nf panic("sun_82072_fd_inb: How did I get here?"); 2.2.16 /usr/src/linux/include/asm-sparc/floppy.h _______________________________________________ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users