<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
yeah I saw this page. I don't think I have the string matching on my
FW. I get cannot load library or something lke that. I'm not worried
about it. Just told my buddy he's out of luck for now. I won't be able
to walk him through recompiling kernels for expaerimental stuff.
Thanks for all the help though. I may play with some of it just for
fun. <br>
<br>
<br>
<br>
Mark Musone wrote:<br>
<blockquote type="cite"
cite="mid001601c309b5$696e1b20$3301a8c0@shatterit.com">
<pre wrap=""> I guess nobody went to the web site I had in my email :^)
You want to do something like this in a string match for iptables:
iptables -A (CHAIN) -p TCP -m string --string "KAZAA CONNECT/" -j DROP
..or a string similar to that..
HOWEVER that also means the if somebody id something such as sent an
email
With that string, it too would get dropped..so you need to be real
careful
If you go to the URL I mentioned, theres a number of iptable entries and
strings to use..
(unless my hunch is correct, and nobody Is actually getting my
emails..are people getting this??)
-Mark
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:owner-nflug@nflug.org">owner-nflug@nflug.org</a> [<a class="moz-txt-link-freetext" href="mailto:owner-nflug@nflug.org">mailto:owner-nflug@nflug.org</a>] On Behalf Of
Mark T. Valites
Sent: Wednesday, April 23, 2003 12:20 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:nflug@nflug.org">nflug@nflug.org</a>
Subject: Re: Kazaa and iptables
On Wed, 23 Apr 2003, Justin Bennett wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I think I need to look for connect strings and such in the packets. I
think it's going to be a bear. Anyone had any luck with string matches
in IP tables I've never played with it.
</pre>
</blockquote>
<pre wrap=""><!---->
The string matching capabilites in IPTables are also experimental. The
problem with string matching is that all connections are fragmented into
packets. You will probably have a great deal of difficulty matching
against a string - what you're trying to do may not even be possible.
But
if you are able to snag a packet with a certain string in it, you could
then mark the entire connection as "bad" with the stateful inspection
tracking in IPTables. The ip_conntrack table may be helpfull to you for
this.
I wouldn't spend a lot of time looking into it, but instead spend your
time on figuring out packet shaping instead.
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
</pre>
</body>
</html>