[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
John R Pierce
pierce at hogranch.com
Wed Aug 31 16:11:29 UTC 2011
On 08/31/11 9:00 AM, Always Learning wrote:
> No I do not want "another piece of software to parse the http protocol
> and analyze the traffic".
>
> IP Tables, in which I have great confidence and trust, can do it.

iptables will filter on packet headers and such at layer 3, it can't and
won't analyze the content of packets, regardless of your emotional
attachments.

>> > of course, to even consider doing such you would have to, in very
>> > precise terms, define exactly what comprises a 'hacking attempt'. do
>> > you give this filter a list of all valid URLs and trigger your block on
>> > any that aren't on that list?
> My definition: a hacking attempt is deliberately, meaning not a typing
> error, sending an invalid web page request. Obviously one should exclude
> the 'standard' wrong URLs issued by some software like the M$ Office
> responses and crossdomain requests.

I said precisely. computers don't understand 'deliberate' vs 'typing
error', those are subjective measures.

--
john r pierce N 37, W 122
santa cruz ca mid-left coast