[Shorewall-users] Filter Question

Joe Gofton jgofton at danicar.net
Fri, 11 Oct 2002 10:40:27 -0300 (ADT)


Is there a way to filter websites with Shorewall?  When I say this I mean
local websites.  For example:  My website is www.danicar.net, and I get
all kinds of worm attacks like:

214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:57 -0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282
214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:57 -0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280
214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:58 -0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:58 -0300] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:58 -0300] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir

I was wondering if Shorewall could be used to filter this type of thing?
So anything trying to get at /scripts/ or /MSADC/ or /c/ could be dropped
or something.

Thanks

Joe
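
The log excerpt in the message above can be triaged offline. The following is an added example, not part of the original post and not Shorewall code: it parses Common Log Format entries, normalizes the request path (including the double-encoded %255c), and counts probes per client host. The function names, the /d/ prefix taken from the excerpt, and the benign sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Prefixes the post asks about (/scripts/, /MSADC/, /c/), plus /d/ from its log excerpt.
PROBE_PREFIXES = ("/scripts/", "/msadc/", "/c/", "/d/")

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def normalize_path(target, max_rounds=3):
    """Drop the query string, then percent-decode repeatedly so a
    double-encoded value such as %255c ends up as a plain separator."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def is_probe(target):
    return normalize_path(target).startswith(PROBE_PREFIXES)

def summarize(lines):
    """Return (probe count per client host, lines that did not parse)."""
    hits, unparsed = Counter(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # e.g. the entry the post cuts short
        elif is_probe(m.group("target")):
            hits[m.group("host")] += 1
    return hits, unparsed

H = "214-62.sh.cgocable.ca - - [06/Oct/2002:06:59:5"
# Entries from the post, rejoined one per line; the last line is constructed.
SAMPLE = [
    H + '7 -0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282',
    H + '7 -0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280',
    H + '8 -0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    H + '8 -0300] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    H + '8 -0300] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir',
    'host.example - - [06/Oct/2002:07:00:01 -0300] "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `summarize(SAMPLE)` attributes four probes to the one client host and returns the truncated entry as unparsed instead of silently dropping it.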