Re: iptables and tcpdump

To: debian-russian@lists.debian.org
Subject: Re: iptables and tcpdump
From: Stanislav Maslovski <stanislav.maslovski@gmail.com>
Date: Mon, 28 Sep 2009 00:17:54 +0400
Message-id: <[🔎] 20090927201754.GA6522@kaiba.homelan>
Mail-followup-to: debian-russian@lists.debian.org
In-reply-to: <[🔎] 20090927195932.GB4137@kaiba.homelan>
References: <[🔎] h9nt1e$6hk$3@aioe.org> <[🔎] 20090927195932.GB4137@kaiba.homelan>

On Sun, Sep 27, 2009 at 11:59:32PM +0400, Stanislav Maslovski wrote:
> On Sun, Sep 27, 2009 at 02:32:14PM +0000, Sydoruk Yaroslav wrote:
> > 3. нужно блокать такие syn пакет у которых например offset=0.
> 
> --u32 "0 >> 22 & 0x3C @ 12 >> 12 = 0"

На всякий случай уточняю:

--protocol tcp --syn --match u32 --u32 "0 >> 22 & 0x3C @ 12 >> 12 = 0"

Ну и хотелось бы узнать еще, зачем Ярославу это надо.

-- 
Stanislav

Reply to:

Follow-Ups:
- Re: iptables and tcpdump
  - From: Sydoruk Yaroslav <swift@mirohost.net>

References:
- iptables and tcpdump
  - From: Sydoruk Yaroslav <swift@mirohost.net>
- Re: iptables and tcpdump
  - From: Stanislav Maslovski <stanislav.maslovski@gmail.com>

Prev by Date: Re: iptables and tcpdump
Next by Date: Re: Lenny. Как убрать маркер PGP из тела письма?
Previous by thread: Re: iptables and tcpdump
Next by thread: Re: iptables and tcpdump
Index(es):
- Date
- Thread