Agreed ;p On Mon, Mar 21, 2011 at 10:19 PM, bk <[email protected]> wrote:
> > On Mar 21, 2011, at 1:43 PM, Cal Leeming wrote: > > > > On Mon, Mar 21, 2011 at 8:39 PM, bk <[email protected]> wrote: > >> >> On Mar 21, 2011, at 10:52 AM, Alien Chatter wrote: >> >> > $ sudo iptables -I INPUT -m string --algo bm --hex-string >> > >> '|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|' >> > -j DROP >> > >> > Try it, you will get a connection timeout: >> > >> > $ curl --connect-timeout 60 https://mail.google.com/ >> > curl: (28) SSL connection timeout >> > >> > The same applies for Twitter, Facebook... Much more efficient than >> > DNS/IP blocking! >> > >> >> Because searching for a bytestring in payload generates so much less load >> than just overriding a DNS result at the recursive server (that users are >> forced to issue queries to) or a simply drop SYNs based on IP header value >> that routers/firewalls are optimized for... >> >> I think you forgot your coffee this morning. It's not just for aliens you >> know. >> >> -- >> chort >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > I think what he meant by efficient, was that if their sites ever get > re-numbered or more end nodes are added (which may or may not be that > often), then this would still catch the connections. > > Imho, I think it'd be better to just have a script checking for it, but > nether the less, it's a cute approach (albeit, probably not usable in a > production environment). > > > It's "efficient" in that humans get to be lazy. It's not efficient as far > as hardware resource utilization. > > -- > chort > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
