Snort mailing list archives

Re: Cod Red HELP!!!!

From: s I n <sin () Aniela EU ORG>
Date: Tue, 7 Aug 2001 17:33:41 +0300 (EEST)



Try to use the string match figure of iptables inside your firewall so
you can drop any packets that contain default.ida string.

Hope this helps,

/me


On Tue, 7 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:

Hello TIA


we are having issues with code red on our unix servers we have 508 IPs per
server and the Code Red scanning is acting like a Massive DDoS on our unix
machines we are getting all these requests for default.ida and we are trying
to figure out how to block it

does any one have any sugesstions.


TIA again



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Cod Red HELP!!!! Advanced Hosting UNIX Admin Daniel Fairchild (Aug 07)
- Re: Cod Red HELP!!!! Ralf Hildebrandt (Aug 07)
- RE: Cod Red HELP!!!! Theo Zourzouvillys (Aug 07)
  - Re: RE: Cod Red HELP!!!! Jed Haile (Aug 07)
- Re: Cod Red HELP!!!! s I n (Aug 07)
- Re: Cod Red HELP!!!! Lance Spitzner (Aug 07)
- <Possible follow-ups>
- RE: Cod Red HELP!!!! van Oosterom, Peter (Aug 07)
  - Re: Cod Red HELP!!!! Ralf Hildebrandt (Aug 07)
    - RE: Cod Red HELP!!!! Mark Spieth (Aug 07)
- RE: Cod Red HELP!!!! Nigel Morse (Aug 07)
  - RE: Cod Red HELP!!!! s I n (Aug 07)
    - RE: Cod Red HELP!!!! Carolyn Beckman (Aug 07)
    - Code Red and port 443 (was RE: Code Red HELP!!!!) George D. Nincehelser (Aug 07)
    - Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Carolyn Beckman (Aug 07)
    - Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Thierry Coopman (Aug 08)

(Thread continues...)