string match

string match

[richard lucassen]

Hello list,

Is it possible to select the last 8 bytes of a HEX string using the
"string" module?

Purpose: I want to create a "DNS ANY query" recent-filter (tons
of these queries from China). The last 8 bytes of such a query seem to
be:

00 FF 00 01

but AFAIU the manpage I can't use the --to and --from offset settings as
the length of the packet is variable.

Anyone another solution to block these queries?

R.

-- 
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+

Re: string match

[Pablo Neira Ayuso]

Don Hughes wrote:
> Trying to compile iptables 1.3.4 against a 2.6.8 kernel 
> and am getting error on the ipt-string.c code:
> 
> extensions/libipt_dscp_helper.c:69: warning: 
> `dscp_to_name' defined but not used
> extensions/libipt_CLUSTERIP.c: In function 
> `final_check':
> extensions/libipt_CLUSTERIP.c:173: warning: suggest 
> parentheses around comparison in operand of &
> extensions/libipt_string.c: In function `init':
> extensions/libipt_string.c:61: error: structure has no 
> member named `to_offset'

The string match is available since kernel 2.6.14. Another reason can be
that you're using an old patch that used to be available in pom-ng, in
that case, such patch is obsolete.

-- 
Pablo

String match

[Don Hughes]

Is the string match module ever going to be 
updated to work with current kernels?


..don

support@microtechniques.com
White Plains, NY

Re: string match

[Guillowind]

string patch works fine on 2.4.x but i also have tried on 2.6 with no success as of yet does anyone know of a replacement?, I have implemented TARPIT and psd on 2.6.x and would really like to incorporate string as well.


Brian

Re: string match

[Rio Martin.]

On 02 September 2004 pm 21:01, Marcelo Eller de Amorim - CAT wrote:
> Hi!
> I would like to know how to use the STRING MATCH module under kernel
> 2.6.x, I tried to use the patch-o-matic-ng and this patch said that this
> module is already applied, but when I access the configuration menu of the
> kernel, this module does not appear to be selected.
> I set the configuration menu to show all the option including the
> (EXPERIMENTAL) ones, but it does not take effect.
> I'm suspecting that this module isn't compile on the kernel anymore
> becouse the iptables-2.6.11 has this module inside it, but I tried to use
> it without success.
> I'm using the SuSE 9.1 | Kernel 2.6.4-52-default | iptables-2.6.9
> Any help would be usefull.
> Thanks



Try it on latest kernel of 2.4.xx first, 
Because i've tried many patches of POM didnt work with 2.6 kernel.

- Rio.Martin -

string match

[Marcelo Eller de Amorim - CAT]

Hi!

I would like to know how to use the STRING MATCH module under kernel 
2.6.x, I tried to use the patch-o-matic-ng and this patch said that this 
module is already applied, but when I access the configuration menu of the 
kernel, this module does not appear to be selected.

I set the configuration menu to show all the option including the 
(EXPERIMENTAL) ones, but it does not take effect.


I'm suspecting that this module isn't compile on the kernel anymore 
becouse the iptables-2.6.11 has this module inside it, but I tried to use 
it without success.


I'm using the SuSE 9.1 | Kernel 2.6.4-52-default | iptables-2.6.9


Any help would be usefull.


Thanks

string match

[Don Hughes]

Is there a version of the string match that works with the 2.6.5 
kernel?

..don

support@microtechniques.com
White Plains, NY