Kazaa and iptables

Justin Bennett justin.bennett at dynabrade.com
Wed Apr 23 13:02:21 EDT 2003


yeah I saw this page. I don't think I have the string matching on my FW. 
I get cannot load library or something like that. I'm not worried about 
it. Just told my buddy he's out of luck for now. I won't be able to walk 
him through recompiling kernels for experimental stuff.  Thanks for all 
the help though. I may play with some of it just for fun.



Mark Musone wrote:

> I guess nobody went to the web site I had in my email :^)
>
>You want to do something like this in a string match for iptables:
>
>
>iptables -A (CHAIN) -p TCP -m string --string "KAZAA CONNECT/" -j DROP
>
>..or a string similar to that..
>HOWEVER that also means that if somebody did something such as sent an
>email with that string, it too would get dropped..so you need to be real
>careful
>
>If you go to the URL I mentioned, there's a number of iptable entries and
>strings to use..
>
>(unless my hunch is correct, and nobody is actually getting my
>emails..are people getting this??)
>
>-Mark
>
>
>-----Original Message-----
>From: owner-nflug at nflug.org [mailto:owner-nflug at nflug.org] On Behalf Of
>Mark T. Valites
>Sent: Wednesday, April 23, 2003 12:20 PM
>To: nflug at nflug.org
>Subject: Re: Kazaa and iptables
>
>On Wed, 23 Apr 2003, Justin Bennett wrote:
>
>>I think I need to look for connect strings and such in the packets. I
>>think it's going to be a bear. Anyone had any luck with string matches
>>in IP tables I've never played with it.
>
>The string matching capabilities in IPTables are also experimental.  The
>problem with string matching is that all connections are fragmented into
>packets.  You will probably have a great deal of difficulty matching
>against a string - what you're trying to do may not even be possible.
>But if you are able to snag a packet with a certain string in it, you could
>then mark the entire connection as "bad" with the stateful inspection
>tracking in IPTables.  The ip_conntrack table may be helpful to you for
>this.
>
>I wouldn't spend a lot of time looking into it, but instead spend your
>time on figuring out packet shaping instead.
>

-- 
Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
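The two caveats raised in the thread (a signature split across TCP segments slips past a per-packet match, and any flow carrying the string, such as an email, is dropped) in a small simulation. This is an added example, not code from the thread or from iptables; the flows, ports and payloads are constructed.

```python
# Added example (not from the thread): per-packet string matching versus a
# connection-level "mark it bad" filter, the conntrack idea from the thread.
from dataclasses import dataclass, field

SIGNATURE = b"KAZAA CONNECT/"   # the string suggested in the thread


@dataclass
class Segment:
    flow: tuple      # constructed 4-tuple (src, sport, dst, dport)
    payload: bytes


def per_packet_filter(segments):
    """Stateless rule: drop a segment only if the whole signature is inside it."""
    return ["DROP" if SIGNATURE in s.payload else "ACCEPT" for s in segments]


@dataclass
class ConnectionFilter:
    """Stateful rule: keep the tail of each flow's bytes so a signature that
    straddles two segments is still seen; once seen, mark the flow bad and
    drop everything that follows on that flow."""
    carry: dict = field(default_factory=dict)  # flow -> last len(SIGNATURE)-1 bytes
    bad: set = field(default_factory=set)      # flows marked "bad"

    def decide(self, seg):
        if seg.flow in self.bad:
            return "DROP"
        window = self.carry.get(seg.flow, b"") + seg.payload
        self.carry[seg.flow] = window[-(len(SIGNATURE) - 1):]
        if SIGNATURE in window:
            self.bad.add(seg.flow)
            return "DROP"
        return "ACCEPT"

    def run(self, segments):
        return [self.decide(s) for s in segments]


# Constructed sample: flow A carries the signature split across segments 1 and 2;
# flow B is an email that merely mentions the string (the false positive).
FLOW_A = ("10.0.0.5", 40123, "203.0.113.7", 80)
FLOW_B = ("10.0.0.9", 40124, "203.0.113.25", 25)
SEGMENTS = [
    Segment(FLOW_A, b"GET / HTTP/1.0\r\nX-KAZAA CON"),
    Segment(FLOW_A, b"NECT/1.0\r\nHost: example.invalid\r\n\r\n"),
    Segment(FLOW_A, b"later data on the same connection"),
    Segment(FLOW_B, b"Subject: blocking KAZAA CONNECT/ on the LAN\r\n"),
]

if __name__ == "__main__":
    print(per_packet_filter(SEGMENTS))       # ['ACCEPT', 'ACCEPT', 'ACCEPT', 'DROP']
    print(ConnectionFilter().run(SEGMENTS))  # ['ACCEPT', 'DROP', 'DROP', 'DROP']
```

The per-packet rule never sees the split signature on flow A but still drops the email on flow B; the connection filter catches flow A on its second segment and drops the rest of it, and still drops the email.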