[GTER] Kazaa Lite port
Victor Pereira
vpereira at modulo.com.br
Thu Apr 3 14:17:00 -03 2003
Perhaps an interesting way for us to use this would be to integrate it with
the Snort signature base, to build
an inline IDS. Also using the chain schemes, so as not to
overload the little guy.
Regards,
VP
-----Original Message-----
From: gter-admin at eng.registro.br [mailto:gter-admin at eng.registro.br]On
Behalf Of Marcus Grando
Sent: Thursday, April 03, 2003 10:42 AM
To: gter at eng.registro.br
Subject: Re: [GTER] Kazaa Lite port
I also found this, for whoever may find it useful (matching by strings):
#Build INSPECT
#Gnutella
/sbin/iptables -A INSPECT -p TCP -m string --string "GNUTELLA CONNECT/0.6" -j INSDROP
#/sbin/iptables -A INSPECT -p TCP -m string --string "GNUTELLA/0.6" -j INSDROP
#FastTrack (KaZaA, Grokster)
/sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-Username:" -j INSDROP
/sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-Network:" -j INSDROP
/sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-SupernodeIP:" -j INSDROP
#DirectConnect
/sbin/iptables -A INSPECT -p TCP -m string --string "\$ValidateNick " -j INSDROP
/sbin/iptables -A INSPECT -p TCP -m string --string "\$HubName " -j INSDROP
#IMesh
/sbin/iptables -A INSPECT -p UDP -m string --string "fileshare" -j INSDROP
#Swaptor/FileNavigator
/sbin/iptables -A INSPECT -p TCP -m string --string "2000 Server ready" -j INSDROP
Regards
--
Marcus Grando
<marcus at sbh dot eng dot br>
--
GTER list http://eng.registro.br/mailman/listinfo/gter
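
Added example (not code from either poster): a sketch of the idea raised in the reply, turning single-content Snort rules into iptables string-match rules, with one sub-chain per protocol so each packet only walks the signatures for its own protocol. The sample rules and sids are constructed, the sub-chain names INSPECT_TCP and INSPECT_UDP are hypothetical, the INSPECT and INSDROP chains are assumed to exist as in the message above, and "--algo bm" is included because current iptables requires an algorithm for the string match.

```python
import re
import shlex

# Constructed sample rules in Snort syntax (illustrative, not from a real rule set).
SAMPLE_RULES = '''
alert tcp any any -> any any (msg:"P2P FastTrack header"; content:"X-Kazaa-Username:"; nocase; sid:1000001;)
alert tcp any any -> any any (msg:"P2P Gnutella connect"; content:"GNUTELLA CONNECT/0.6"; sid:1000002;)
alert udp any any -> any any (msg:"P2P constructed binary tag"; content:"|0d 0a|fileshare"; sid:1000003;)
alert icmp any any -> any any (msg:"ignored, not tcp or udp"; content:"x"; sid:1000004;)
'''

RULE_RE = re.compile(r'^\w+\s+(tcp|udp)\s+.*?\((.*)\)\s*$')
CONTENT_RE = re.compile(r'content:"((?:[^"\\]|\\.)*)"\s*;(\s*nocase\s*;)?')

def snort_to_iptables(rules_text, parent="INSPECT", target="INSDROP"):
    """Return iptables commands: one sub-chain per protocol, one rule per signature."""
    per_proto = {"tcp": [], "udp": []}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, comment, or a protocol other than tcp/udp
        proto, options = m.groups()
        contents = CONTENT_RE.findall(options)
        if len(contents) != 1:
            continue  # negated or multi-content rules are out of scope here
        pattern, nocase = contents[0]
        pattern = re.sub(r'\\(.)', r'\1', pattern)  # undo Snort's \" \; \\ escapes
        # Snort's |hex| notation is the same notation --hex-string accepts.
        flag = "--hex-string" if "|" in pattern else "--string"
        match = ["-m", "string", "--algo", "bm", flag, pattern]
        if nocase:
            match.append("--icase")
        per_proto[proto].append(match)
    cmds = []
    for proto, matches in per_proto.items():
        if not matches:
            continue
        sub = f"{parent}_{proto.upper()}"  # hypothetical sub-chain name
        cmds.append(["iptables", "-N", sub])
        # Dispatch once by protocol so a packet only walks its own signatures.
        cmds.append(["iptables", "-A", parent, "-p", proto, "-j", sub])
        cmds += [["iptables", "-A", sub, *m, "-j", target] for m in matches]
    return [shlex.join(c) for c in cmds]  # shell-quoted, ready for review

if __name__ == "__main__":
    print("\n".join(snort_to_iptables(SAMPLE_RULES)))
```

The script only prints the commands; reviewing the generated list before loading it keeps overly short or generic patterns, which would drop legitimate traffic, out of the ruleset.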