URLSCAN tool MS = Linux tool ?

OB1 · 10-04-2002, 02:56 PM

I am needing to forward ports on my firewall coming in on port 80 to an internal Web server (MS IIS) and I know that they have a urlscan tool to help eliminate possible exploits on this machine but I was hoping that Linux had an equivalent program I could run on my firewall (ipchains) that would keep most of these URL exploits from ever entering my LAN and just get filtered at the firewall to help eliminate this before getting to my web server.

thanks,
K

d3funct · 10-04-2002, 03:31 PM

Have you read the IPchains how-to? Also, you should probably upgrade to get IPTABLES since 1) ipchains is soon to be deprecated and 2) You can define IPTABLES (a stateful firewall) to do much of this for you.

OB1 · 10-04-2002, 04:16 PM

I have read ipchains and have looked over iptables but I have not seen anything that allows looking at the actual content of a packet that would allow you to reject or accept based on that content. The only thing I have seen is making a decision based on src/dst or ports, not the actual content where the URL would be. Maybe you could enlighten me as to where this filtering occurs within either of these two programs.

neo77777 · 10-05-2002, 12:58 AM

You can utilize snort and iptables to do so,
http://www.snort.org , snort rules allow you to see what's comming and getting out based on the rules configuration.
http://www.netfilter.org
Also take a look at adaptive firewall http://linuxgazette.org/issue82/veerapen.html
Rewrite the iptables rules to suite your environment.