Forwarding your succinct explanation to the mailing list.
Gautam wrote:
Hi Swapnil,
Ya, surely. A good example of this would be a simple CGI attack exploit for Apache. In such a case, if a signature of this type of attack is available to us, we can write an appropriate Snort signature and identify the attack. But in the case of iptables (assuming port 80 is allowed for HTTP requests), it would bypass the policy and give the attacker the permission to exploit the machine. Because for iptables it's a valid HTTP request packet and it would pass it inside the network. These types of attacks could not be stopped by iptables.
Wouldn't that also prevent network intrusion? Can you give some examples where iptables will not be enough for intrusion prevention?
These are my personal views from the little experience I have, and I would like to know if I have wrong perceptions about the matter.
--
______________________________________________________________________
Pune GNU/Linux Users Group Mailing List: ([EMAIL PROTECTED])
List Information: http://plug.org.in/mailing-list/listinfo/plug-mail
Send 'help' to [EMAIL PROTECTED] for mailing instructions.
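The contrast Gautam describes, as an added example that is not part of the original thread: a header-only decision (port 80 allowed) accepts every HTTP request, while a content signature flags the one it knows. The packet dictionaries, the signature, its sid and the CGI path are constructed placeholders, and the functions are hypothetical stand-ins, not iptables or Snort code.

```python
from urllib.parse import unquote

# Constructed policy mirroring the post's assumption: only TCP port 80 is allowed in.
ALLOWED_TCP_PORTS = {80}

# Constructed content signature (placeholder path, not a real exploit string).
SIGNATURES = [
    {"sid": 1000001, "msg": "example CGI probe", "dport": 80,
     "content": "/cgi-bin/vulnerable-example.cgi"},
]

def port_filter(pkt):
    """Header-only decision, as a port-based packet filter makes it."""
    if pkt["proto"] == "tcp" and pkt["dport"] in ALLOWED_TCP_PORTS:
        return "ACCEPT"
    return "DROP"

def normalize(payload):
    """Return the canonical (decoded, lower-cased) HTTP request line."""
    text = payload.decode("latin-1")
    request_line = text.split("\r\n", 1)[0]
    return unquote(request_line).lower()

def inspect(pkt):
    """Payload decision: sids of every signature matching the request line."""
    line = normalize(pkt["payload"])
    return [s["sid"] for s in SIGNATURES
            if pkt["dport"] == s["dport"] and s["content"].lower() in line]

# Constructed sample traffic.
PACKETS = [
    {"proto": "tcp", "dport": 80, "payload": b"GET /index.html HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "dport": 80,
     "payload": b"GET /cgi-bin/vulnerable-example.cgi?x=1 HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "dport": 80,
     "payload": b"GET /cgi-bin/vulnerable%2Dexample.cgi HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "dport": 23, "payload": b"login"},
]

def evaluate(packets):
    """Pair each packet's filter verdict with the alerts raised on accepted traffic."""
    return [(port_filter(p), inspect(p) if port_filter(p) == "ACCEPT" else [])
            for p in packets]

if __name__ == "__main__":
    for verdict, alerts in evaluate(PACKETS):
        print(verdict, alerts)
```

All three port-80 requests get the same ACCEPT verdict from the filter; only the payload check tells them apart.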
