How can we differentiate the following two packets and use that in iptables for, say, a string match? What kind of string can we use for these two types in iptables? Any ideas?
In the case where the packet is good, we can see lots of ..... ..... .... ................ in the data field,
while in the data field of an attack packet, there is much less or almost no ..... ..... ......... in the data field, or no gaps between the letters.
Sample tcpdump of a good packet
#########################################
Sample tcp dump of LOIC/dos attack attempt
#####################################

---------- Post updated 05-29-13 at 01:10 AM ---------- Previous update was 05-28-13 at 06:48 AM ----------
It seems we need to find a way to see whether a packet has data with a few words or a sentence that repeats itself, and then create some sort of string/regular expression that can be applied to the iptables string match, although I am not sure if we can use regular expressions with the iptables string match directly.
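The two traits described in the post above (how much of the payload tcpdump renders as '.', and whether a short phrase repeats back to back) can be scored per payload, as in this added example, which is not part of the original post. The function names, thresholds and all three sample payloads are constructed assumptions.

```python
# Added example: thresholds and sample payloads below are constructed.

def printable_ratio(payload: bytes) -> float:
    """Share of bytes tcpdump prints as-is (0x20-0x7e) rather than as '.'."""
    if not payload:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in payload) / len(payload)


def shortest_period(payload: bytes):
    """Smallest p for which the payload is one p-byte unit repeated back to
    back (the final repeat may be cut short), or None if there is none."""
    n = len(payload)
    for p in range(1, n // 2 + 1):
        if payload[p:] == payload[:n - p]:
            return p
    return None


def classify(payload: bytes, min_len=32, min_ratio=0.95, min_repeats=3) -> str:
    """'suspect' when the data is almost all printable text AND is a short
    unit repeated at least min_repeats times; otherwise 'ok'."""
    if len(payload) < min_len:
        return "ok"  # too short to judge repetition reliably
    period = shortest_period(payload)
    if period is None:
        return "ok"
    repeats = len(payload) // period
    if printable_ratio(payload) >= min_ratio and repeats >= min_repeats:
        return "suspect"
    return "ok"


# Constructed payloads (not taken from the post's missing tcpdump samples).
SAMPLE_BINARY = (b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"
                 + bytes(range(0, 120, 3)) + b"example.org")
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"
SAMPLE_REPEAT = b"test message " * 12

if __name__ == "__main__":
    for name, data in [("binary", SAMPLE_BINARY), ("http", SAMPLE_HTTP),
                       ("repeat", SAMPLE_REPEAT)]:
        print(name, round(printable_ratio(data), 2),
              shortest_period(data), classify(data))
```

The iptables string match compares against a fixed pattern chosen with `--algo bm` or `--algo kmp` and does not take regular expressions, so a check like this has to run outside the rule, for example over captured payloads.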
Can someone tell me how I can do this?
e.g:
a=$(echo -e wert trewt ertert ertert ertert erttert
erterte
rterter
tertertert
ert)
How do I replace the STRING with $a?
I tried this:
sed -i 's/STRING/'"$a"'/g' filename.ext
but this doesn't work (2 Replies)
Continuing from my previous post, whose link is given below as a reference
https://www.unix.com/shell-programming-scripting/171076-shell-scripting.html#post302573569
Consider there are CREATE TABLE commands in a file, e.g.:
CREATE TABLE `Blahblahblah` (
`id` int(11) NOT NULL... (2 Replies)
Hi All,
I am trying to compare a string variable with a string literal inside a loop but keep getting the
./testifstructure.sh: line 6:
#!/bin/sh
BOOK_LIST="BOOK1 BOOK2"
for BOOK in ${BOOK_LIST}
do
if
then echo '1'
else
echo '2'
fi
done
Please use next... (1 Reply)
Here is what I want to achieve... Consider a file that contains the contents below. The file size is large, about 60 MB.
cat dump.sql
INSERT INTO `table1` (`id`, `action`, `date`, `descrip`, `lastModified`) VALUES (1,'Change','2011-05-05 00:00:00','Account Updated','2012-02-10... (10 Replies)
I am attempting to grep an exact string from a series of files within a directory and append that output to the filename when it is present in the file. I've been after this all day with no luck. Thanks for your help in advance. (4 Replies)
Hi,
I am trying to remove lines once a string is found till another string is found including the start string and end string. I want to basically grab all the lines starting with color (closing bracket). PS: The line after the closing bracket for color could be anything (currently 'more').... (1 Reply)
I need to read a text file and insert a string every n lines, but also have the line counter restart when I come across a header string.
Line repeating working every 3 lines using code:
sed '0~3 s/$/\nINSERT/g' < INPUT/PATH/FILE_NAME.txt > OUTPUT/PATH/FILE_NAME.txt
I cannot seem to find... (1 Reply)
I have the logic below to look up for matches within the columns between the two files with awk.
In the if statement is where the string comparison is attempted with ==
The issue seems to be with the operands, as
1. when " '${SECTOR}' " -- double quote followed by single quote -- awk matches... (1 Reply)
I want to search a small string in a large string and find the locations of the string. For this I used grep "string" -ob <file name where the large string is stored>. Now this gives me the locations of that string. Now how do I store these locations in a text file.
Please use CODE tags as... (7 Replies)