Koozali.org: home of the SME Server

IPTABLES

jabbasi

« on: March 15, 2004, 12:10:21 AM »
Hello

I have tried hard to find out how iptables rules are applied or created on SME 6.0. I have been trying to locate files to see the listing of rules but have not been successful so far.

I also have a question: how can the Nimda virus on port 80 be blocked? Is there a built-in mechanism, or can we add rules for iptables?

Thanks

Rigger
« Reply #1 on: March 15, 2004, 04:39:04 AM »
To see some examples, look at the commands in the file /etc/rc.d/init.d/masq.

As for the Nimda probes, since SME is not a Windows-based machine it's basically harmless to you, other than wasting your bandwidth, unless you are port forwarding to a Windows machine for your web server.

I had found this little trick for using httpd.conf to deal with the scans. It redirects Nimda/Code Red scans to Microsoft.

/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/75AddRedirectNimda

Quote


# Redirect Nimda/Code Red attacks to Microsoft. They caused the
# problem they can deal with it. :)


RedirectMatch (.*)/system32(.*) http://support.microsoft.com
RedirectMatch (.*)/Admin.dll http://support.microsoft.com
RedirectMatch (.*)/root.exe http://support.microsoft.com
RedirectMatch (.*)/cmd.exe http://support.microsoft.com
RedirectMatch (.*)/default.ida http://support.microsoft.com
RedirectMatch (.*)/httpodbc.dll http://support.microsoft.com



Or, if you don't feel like redirecting the hit to Microsoft, use this in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/75AddRedirectNimba instead.

Quote


AliasMatch (.*)/system32(.*) "/home/e-smith/files/ibays/Primary/html/worm.html"
AliasMatch (.*)/Admin.dll "/home/e-smith/files/ibays/Primary/html/worm.html"
AliasMatch (.*)/root.exe "/home/e-smith/files/ibays/Primary/html/worm.html"
AliasMatch (.*)/cmd.exe "/home/e-smith/files/ibays/Primary/html/worm.html"
AliasMatch (.*)/default.ida "/home/e-smith/files/ibays/Primary/html/worm.html"
AliasMatch (.*)/httpodbc.dll "/home/e-smith/files/ibays/Primary/html/worm.html"



If you use the second one, you also have to create an HTML file:

/home/e-smith/files/ibays/Primary/html/worm.html

Quote


<HTML><HEAD></HEAD><BODY>Go away</BODY></HTML>




--
Doug M.
"Rigger"
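
The patterns from the reply above, checked against request paths and access-log lines (an added example, not part of the original post). The log lines are constructed, and the `TIGHT` list and the function names are assumptions introduced here to show how the posted regexes behave as unanchored matches.

```python
import re
from collections import Counter

# Patterns exactly as posted in the RedirectMatch/AliasMatch lines above.
POSTED = [r"(.*)/system32(.*)", r"(.*)/Admin.dll", r"(.*)/root.exe",
          r"(.*)/cmd.exe", r"(.*)/default.ida", r"(.*)/httpodbc.dll"]

# Assumed tighter variants (not from the thread): literal dots, and the
# file name must end the URL path.
TIGHT = [r"/system32/", r"/Admin\.dll$", r"/root\.exe$",
         r"/cmd\.exe$", r"/default\.ida$", r"/httpodbc\.dll$"]

# Constructed access-log lines in common log format (documentation IPs).
SAMPLE = [
    '192.0.2.10 - - [15/Mar/2004:04:01:07 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281',
    '192.0.2.10 - - [15/Mar/2004:04:01:08 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [15/Mar/2004:04:02:11 -0500] "GET /default.ida?XXXX HTTP/1.0" 404 270',
    '203.0.113.5 - - [15/Mar/2004:04:03:30 -0500] "GET /manual/cmd-exe-howto.html HTTP/1.1" 200 5120',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)')

def matches(patterns, path):
    """True if any pattern matches; like RedirectMatch, the search is unanchored."""
    return any(re.search(p, path) for p in patterns)

def probe_sources(log_lines, patterns=TIGHT):
    """Count requests per client IP whose URL path matches a worm-probe pattern."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, target = m.groups()
        path = target.split("?", 1)[0]  # match on the path, without the query string
        if matches(patterns, path):
            hits[ip] += 1
    return hits

if __name__ == "__main__":
    for name, pats in (("posted", POSTED), ("tight", TIGHT)):
        print(name, dict(probe_sources(SAMPLE, pats)))
```

With the posted patterns the ordinary request for /manual/cmd-exe-howto.html is also caught, because the unescaped dot matches any character and nothing anchors the end of the path; the tighter set counts only the three probe requests.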

Muzo

« Reply #2 on: March 15, 2004, 09:05:14 AM »
Hi,

To stop Nimda and Code Red attacks with iptables, you must have mod_string activated in your SME's kernel.
It isn't by default.

So Rigger's solution isn't too bad.  :hammer: