- Jeff Franks
April 5, 2005, 2:26 am
I have a server app (a game) that is being shutdown by a hacker. From what
I can tell, he is simply sending a series of oversized packets to the game
port and BZZZT, the game errors out. Granted this is an old game that
should be able to handle a buffer overrun, but that being the case.....
Can I use IPTables to detect when a BO is occurring or to monitor packet
size and stop this kind of event?
Any ideas are appreciated.
Re: Limiting Packet Size
Well, firstly you need to know what is 'special' about the packets that you
can use to identify them. Ethereal is your friend here.
In the case you described, if you know packets should never be any larger
than 'x' then simply use:
iptables -A INPUT -p <proto> --dport <port> -m length --length <x>: -j DROP
where '<x>' is the maximum size plus one byte of the packets you would
expect to see, protocol is (most likely) either 'tcp' or 'udp', and <port> is
the port number used. If the exploit is spread over several packets then you
run into problems and might have to come up with some special CONNMARK
One word of advice: no matter what people tell you, 'string' is not a Good
Idea(tm) in *any* firewall; it should only be used very quickly, in the
short term, to protect an application from an exploit where no patch exists.
If the patch never ends up existing, do not run the software....
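The length-match rule from the reply above, worked into a small script. This is an added example and is not code from either poster. It assumes a hypothetical game listening on UDP port 27015 whose legitimate packets never exceed 1200 bytes on the wire (both numbers are made up). The function only prints the iptables commands, so it can be inspected before being piped into a root shell; it also puts a rate-limited LOG rule in front of the DROP so you can confirm the oversized packets are really the ones hitting the game. One caveat worth knowing: the kernel's length match (xt_length) compares the IP total length, header included, so the threshold has to be the largest acceptable on-the-wire size plus one, not the payload size plus one.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits iptables rules that log
# and drop packets to a game port whose IP total length exceeds a limit.
# Assumed values: UDP port 27015, legitimate packets at most 1200 bytes.

# usage: oversized_rules PROTO PORT MAX_OK_LEN [LOG_PREFIX]
# Prints the rules instead of applying them; run "oversized_rules ... | sh" as root.
oversized_rules() {
    proto=$1; port=$2; max_ok=$3; prefix=${4:-oversize:}

    # Sanity-check the inputs so a typo does not produce a rule that matches nothing.
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }
    case "$max_ok" in
        ''|*[!0-9]*) echo "max length must be numeric, got '$max_ok'" >&2; return 1 ;;
    esac
    # --log-prefix is limited to 29 characters.
    [ "${#prefix}" -le 29 ] || { echo "log prefix too long" >&2; return 1; }

    # -m length compares the IP total length (IP header included), so drop
    # everything from "largest acceptable size + 1" upward ("N:" = N..65535).
    min_drop=$((max_ok + 1))

    # A dedicated chain keeps the rules easy to flush without touching INPUT.
    echo "iptables -N GAME_OVERSIZE 2>/dev/null || iptables -F GAME_OVERSIZE"
    # Rate-limited log so a flood of oversized packets cannot fill the syslog.
    echo "iptables -A GAME_OVERSIZE -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"$prefix \""
    echo "iptables -A GAME_OVERSIZE -j DROP"
    echo "iptables -A INPUT -p $proto --dport $port -m length --length ${min_drop}: -j GAME_OVERSIZE"
}

# Example invocation with the assumed game port and size limit.
oversized_rules udp 27015 1200
```

Check the log first (the constructed prefix "oversize:" will appear in the kernel log lines) to verify the dropped packets match what Ethereal showed before relying on the rule; the rule does nothing for an exploit that arrives as several normal-sized packets, which is the case the reply above says needs a different approach.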