Security Issue: code injection attack

Bas ON5HB · May 27, 2025, 01:00 PM

Linux has a nice option: man command

To know iptables and what it does, type: man iptables

It will tell you what everything does.

9a7aof · May 27, 2025, 01:23 PM

Quote from: Bas ON5HB on May 27, 2025, 01:00 PMLiunux has a nice option: man command

To know iptables and what it does, type: man iptables

It will tell you what everything does.

Thanks,

I know that but there are people who don't.

Old Linux/Unix masters used to answer similar questions with the acronym RTFM.
I guarantee, that acronym ALWAYS HELPS!

Best regards,
Darko, 9a7aof

Bas ON5HB · Jun 13, 2025, 02:59 AM

And they managed again....different line....so I adopted the iptables:

Code Select

iptables -D INPUT -m string --algo kmp --string "%3C%" -j DROP
iptables -D INPUT -m string --algo kmp --string "device.rsp" -j DROP
iptables -A INPUT -m string --algo kmp --string "%3C%" -j DROP
iptables -A INPUT -m string --algo kmp --string "device.rsp" -j DROP

As they attack the device.rsp all the time, I added that too.

Also replaced algo with KMP as KMP can scan over multiple TCP-packets, where BM may miss it.

Hopefully it's over now.