Black Hole / Sink Hole Routing

Awie <(E-Mail Removed)> wrote:

> I applied black hole / Sink hole routing to our Cisco router that redirect
> all packets that have known "virus/worm" pattern to null device. It is very
> helpfull to drop all packets that contain NIMDA, NACHI, etc
>
> Is it possible to do the same action by using IPTABLES?
>
> Your answer is very appreciated and waited for.

Have a look at
http://www.linuxsecurity.com/feature...story-148.html

Or search for 'iptables content match OR filter'

You could mark the packets, then use iproute to route them to a dummy
interface.

--
Cameron Kerr
(E-Mail Removed) : http://nzgeeks.org/cameron/
Empowered by Perl!

All,

I applied black hole / Sink hole routing to our Cisco router that redirect
all packets that have known "virus/worm" pattern to null device. It is very
helpfull to drop all packets that contain NIMDA, NACHI, etc

Is it possible to do the same action by using IPTABLES?

Your answer is very appreciated and waited for.

Thx & Rgds,

Awie

Cameron Kerr <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> Awie <(E-Mail Removed)> wrote:
>
> > I applied black hole / Sink hole routing to our Cisco router that redirect
> > all packets that have known "virus/worm" pattern to null device. It is very
> > helpfull to drop all packets that contain NIMDA, NACHI, etc
> >
> > Is it possible to do the same action by using IPTABLES?
> >
> > Your answer is very appreciated and waited for.
>
> Have a look at
> http://www.linuxsecurity.com/feature...story-148.html
>
> Or search for 'iptables content match OR filter'
>
> You could mark the packets, then use iproute to route them to a dummy
> interface.

Thanks Cameron. I will visit the site.

Best Rgds,

Awie