Kazaa and iptables

Mark Musone mmusone at shatterit.com
Wed Apr 23 12:28:45 EDT 2003


I guess nobody went to the web site I had in my email :^)

You want to do something like this in a string match for iptables:


iptables -A (CHAIN) -p TCP -m string --string "KAZAA CONNECT/" -j DROP

..or a string similar to that..
HOWEVER, that also means that if somebody did something such as send an
email with that string, it too would get dropped..so you need to be real
careful.

If you go to the URL I mentioned, there's a number of iptables entries and
strings to use..

(unless my hunch is correct, and nobody is actually getting my
emails..are people getting this??)

-Mark


-----Original Message-----
From: owner-nflug at nflug.org [mailto:owner-nflug at nflug.org] On Behalf Of
Mark T. Valites
Sent: Wednesday, April 23, 2003 12:20 PM
To: nflug at nflug.org
Subject: Re: Kazaa and iptables

On Wed, 23 Apr 2003, Justin Bennett wrote:

> I think I need to look for connect strings and such in the packets. I
> think it's going to be a bear. Anyone had any luck with string matches
> in IP tables I've never played with it.

The string matching capabilities in IPTables are also experimental.  The
problem with string matching is that all connections are fragmented into
packets.  You will probably have a great deal of difficulty matching
against a string - what you're trying to do may not even be possible.
But if you are able to snag a packet with a certain string in it, you could
then mark the entire connection as "bad" with the stateful inspection
tracking in IPTables.  The ip_conntrack table may be helpful to you for
this.

I wouldn't spend a lot of time looking into it, but instead spend your
time on figuring out packet shaping.

-- 
Mark T. Valites
Unix Systems Analyst
CIT - SUNY Geneseo
>--))> >--))>
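A worked illustration of the two points in this thread (Mark Musone's per-packet string rule and the fragmentation problem Mark T. Valites raises), added here as an example and not code from either poster: the payloads and the segment boundaries are constructed, and `per_packet_hits` / `stream_hits` are names chosen for this example.

```python
# Added example (not from the thread): a per-packet matcher, which is what an
# iptables `-m string` rule is, misses a pattern cut across two TCP segments;
# carrying the last len(pattern)-1 bytes across segments closes that gap.
# Payloads and segmentation below are constructed for illustration.

PATTERN = b"KAZAA CONNECT/"

# Constructed: one request split so the pattern is cut between
# "KAZAA CON" and "NECT/".
SEGMENTS_SPLIT = [
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\nX-Kazaa-Username: user\r\n",
    b"X-Kazaa-Network: KaZaA\r\n\r\nKAZAA CON",
    b"NECT/ 1.0\r\n",
]

# Constructed: the same kind of request with the pattern inside one segment.
SEGMENTS_WHOLE = [
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\n",
    b"\r\nKAZAA CONNECT/ 1.0\r\n",
]


def per_packet_hits(segments, pattern=PATTERN):
    """Indices of segments that contain the pattern on their own.

    Models an iptables string match: each packet is inspected in isolation,
    so a pattern split by segmentation is never seen whole.
    """
    return [i for i, seg in enumerate(segments) if pattern in seg]


def stream_hits(segments, pattern=PATTERN):
    """Indices of segments at which the pattern completes in the byte stream.

    Keeps the tail (len(pattern)-1 bytes) of the previous segment so a match
    spanning a boundary is found; a carry shorter than the pattern cannot
    report the same match twice. This is the reassembly step a per-packet
    rule lacks and that a connection-level (conntrack) decision would need.
    """
    hits = []
    carry = b""
    for i, seg in enumerate(segments):
        window = carry + seg
        if pattern in window:
            hits.append(i)
        carry = window[-(len(pattern) - 1):] if len(pattern) > 1 else b""
    return hits
```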
