[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

Wed Aug 31 13:57:17 UTC 2011
Mike <mike at microdel.org>

Perhaps the most important point here is that the script kiddies and/or
bots usually make sure the target string, 'login' in your example, is *not*
contained within a single packet.  You can verify this with Wireshark.  In
any case just be aware that your solution will likely not have the desired 
effect.

This is a decent read: http://spamcleaner.org/en/misc/w00tw00t.html
Specifically the Conclusion section near the bottom.

On Wed, 31 Aug 2011, Always Learning wrote:

>
> On a VPS I wanted to add to IP tables:-
>
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
> 	iptables: Unknown error 18446744073709551615
>
> uname -a =  2.6.35.4 #2  (don't know how this got installed)
>
> lsmod | grep ipt = ipt_LOG   5419  2
>
> yum upgrade iptables* = nothing to install.
>
> ---------------------------------------
>
> On a standalone server (C 5.6)
>
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> is accepted.
>
> uname -a =  2.6.18-274.el5 #1
>
> lsmod | grep ipt =
> ipt_LOG                39617  1
> iptable_filter         36161  1
> ip_tables              55457  1 iptable_filter
> x_tables               50505  6 xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables
>
> ------------------------------------------------
>
> Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).
>
> Thank you.
>
> Paul.
>
>
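
The point made at the top of this message, that a per-packet string match misses a string spanning two TCP segments, compared with matching on the reassembled stream. This is an added example, not part of the original thread; the payloads, function names and class are constructed for illustration, and segments are assumed to arrive in order.

```python
# Added illustration; not code from the thread. All payloads are constructed.

def per_packet_match(segments, pattern):
    """Model of a per-packet payload match: each segment is inspected alone."""
    return [pattern in seg for seg in segments]


class StreamMatcher:
    """Match a pattern on one direction of a TCP flow across segment boundaries.

    Carries the last len(pattern)-1 bytes of the stream forward, so a pattern
    split over in-order segments is still found. Assumption: segments arrive
    in order without retransmits; a real reassembler orders by sequence number.
    """

    def __init__(self, pattern):
        if not pattern:
            raise ValueError("pattern must be non-empty")
        self.pattern = pattern
        self.tail = b""

    def feed(self, segment):
        window = self.tail + segment
        hit = self.pattern in window
        keep = len(self.pattern) - 1
        # The tail is shorter than the pattern, so it can never match alone.
        self.tail = window[-keep:] if keep else b""
        return hit


def scan_flow(segments, pattern):
    """Feed every segment of one flow through a fresh StreamMatcher."""
    matcher = StreamMatcher(pattern)
    return [matcher.feed(seg) for seg in segments]


# Constructed request carried in one segment, and the same bytes in three.
WHOLE = [b"GET /admin/login.php HTTP/1.1\r\nHost: example.test\r\n\r\n"]
SPLIT = [b"GET /admin/log", b"in.php HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"]

if __name__ == "__main__":
    print("per-packet, whole:", per_packet_match(WHOLE, b"login"))
    print("per-packet, split:", per_packet_match(SPLIT, b"login"))
    print("stream,     split:", scan_flow(SPLIT, b"login"))
```

The per-packet result for the split request is all misses, while the stream matcher reports a hit on the second segment; this is why such filtering is more dependable in the application that sees the full request than in a packet filter.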