Firewall Wizards mailing list archives
Re: NIMDA, how to stop it
From: "Robin S. Socha" <robin-dated-1010441423.019f5b () socha net>
Date: Fri, 04 Jan 2002 17:32:37 -0500
begin Alan_Young.scr <aryoung () veros com>:
speaking of NIMDA, as a general recommendation, what would you all recommend as an effecive firewall setup to stop NIMDA?
Your idea of "firewall" appears to be a bit hazy. Nimda and its likes are DoS attacks against a webserver launched by Microsoft products. So you are looking at a way to combat a DoS attack. That requires strategic planning, not clicking on a setup tool.
Can I stop NIMDA with just a PIX? Or do I need some sort of other "virus firewall" in addition to our PIX?
There are no virus firewalls. Your idea of how Nimda and other Microsoft-based DoS tools work also appears to be hazy. There are commercial vendors that sell packet filters or proxy servers with blacklisting abilities as "virus walls". But that's basically brown-nosing. So your strategy could e.g. to get strategic arms and nuke the people who created the attack tools: http://www.enemy.org/gallery/jpg/campus.jpg Another strategy could be to block access from the servers launching the attacks. Comme this: http://tb.tf/nimda-block/ - which opens interesting possibilities for ip-spoofing and having yourself shoot yourself in all possible parts of your body.
Please forgive my ignorance, I cant search the archives (the search function is broken) so I dont know if this has been asked before.
http://google.com/ always works.
I am sure I must be missing some fundamental firewall knowledge, I suppose there are some good books on this topic???
Books? What's that? _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: The Morris worm to Nimda, how little we've learned o r gained Behm, Jeffrey L. (Jan 03)
- Re: The Morris worm to Nimda, how little we've learned o r gained Jon O . (Jan 04)
- Re: The Morris worm to Nimda, how little we've learned or gained William bradd (Jan 04)
- NIMDA, how to stop it Alan Young (Jan 04)
- Re: NIMDA, how to stop it R. DuFresne (Jan 04)
- Re: NIMDA, how to stop it Paul D. Robertson (Jan 04)
- Re: NIMDA, how to stop it Robin S. Socha (Jan 05)
- Re: NIMDA, how to stop it Christopher Lee (Jan 05)
- Re: NIMDA, how to stop it Robin S. Socha (Jan 04)
- Re: NIMDA, how to stop it Ryan Russell (Jan 04)
- Re: NIMDA, how to stop it Robin S. Socha (Jan 05)
- Re: NIMDA, how to stop it Ryan Russell (Jan 06)
- Re: NIMDA, how to stop it Robin S. Socha (Jan 06)
- Re: NIMDA, how to stop it Ryan Russell (Jan 07)
- Re: NIMDA, how to stop it R. DuFresne (Jan 04)