(no subject)

Jose Maria Lopez jkerouac at eresmas.com
Sat Sep 4 17:40:59 CEST 2004


El sáb, 04 de 09 de 2004 a las 11:12, Newbie escribió:
> Hi,
>  
> I am not an expert in the whole packet filtering thing (hence my nickname), but I have heard previously, that it is possible to send a 'fake packet'. By this, I mean that lets say the packet header is a TCP packet, whereas the body content is something nasty. Does IP tables filter this sort of packet, or would it be more down to the IDS such as snort?
> 
> Thanks
> 
> Antony

Iptables rules usually don't inspect the content of the packet, and even
when using 'string' or something similar the inspection is very basic,
besides the body data can be coded in many ways (HTTP is an example)
that can fool 'string'. You need an IDS that reassembles the sessions
and inspects them to see if the content of the packet is really
'nasty'.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"




More information about the netfilter mailing list