Those of you still running servers older than 1.5...

Geoff Goas gitman at gmail.com
Sat Jun 28 15:47:14 EDT 2008


Never mind... just tried it out on my busy servers and it's way too CPU
intensive. I think I need to do better matching.

On Sat, Jun 28, 2008 at 3:30 PM, Geoff Goas <gitman at gmail.com> wrote:

> If your servers are being crashed due to the 'stat 7' packet exploit, use
> the following iptables rules to block that particular packet:
>
> -A PREROUTING -m string --hex-string "|737461747300007907|" --algo kmp --to 65535 -j LOG --log-prefix "COD4STATS_EXPLOIT "
> -A PREROUTING -m string --hex-string "|737461747300007907|" --algo kmp --to 65535 -j DROP
>
> The first rule will log the attempt to syslog, the second will drop the
> packet.
>
> --
> Geoff Goas
> Network Engineer
>



-- 
Geoff Goas
Network Engineer
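
Added example, not part of the original message: one way to reduce the cost of the string match in the quoted rules is to run it only on UDP traffic to the game port, search a bounded window, and match once before handing off to a chain that logs and drops. The raw table, port 28960, the 64-byte window, the COD4STATS chain name and the log rate limit are assumptions, not values from the post.

```shell
#!/bin/sh
# Emit an iptables-restore fragment with a narrowed version of the quoted rules.
# Assumed, not from the post: raw table, chain name, default port and window.

SIG='|737461747300007907|'   # hex-string copied from the quoted rules

# gen_rules PORT WINDOW
#   PORT   - UDP port the game server listens on
#   WINDOW - how many leading bytes of each packet the string match searches
gen_rules() {
    port=$1
    window=$2
    for n in "$port" "$window"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] ||
       [ "$window" -lt 1 ] || [ "$window" -gt 65535 ]; then
        echo "port and window must be in 1..65535" >&2
        return 1
    fi

    printf '%s\n' '*raw'
    # User-defined chain, so the expensive match runs once per packet
    # instead of once for LOG and again for DROP.
    printf '%s\n' ':COD4STATS - [0:0]'
    # Cheap header tests (-p udp, --dport) come first; only packets that
    # pass them reach the string match, which stops at WINDOW bytes.
    printf '%s\n' "-A PREROUTING -p udp --dport $port -m string --hex-string \"$SIG\" --algo kmp --to $window -j COD4STATS"
    # Rate-limit logging so a flood of matching packets cannot fill syslog.
    printf '%s\n' '-A COD4STATS -m limit --limit 6/min -j LOG --log-prefix "COD4STATS_EXPLOIT "'
    printf '%s\n' '-A COD4STATS -j DROP'
    printf '%s\n' 'COMMIT'
}

# Print the fragment; it is not loaded into the kernel by this script.
gen_rules "${1:-28960}" "${2:-64}"
```

The output can be checked with `iptables-restore --test --noflush` before loading it. Size the window from a capture of the offending packet so that it still covers the position where the signature appears.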