Snort mailing list archives
Re: RE: Cod Red HELP!!!!
From: Jed Haile <jhaile () nitrodata com>
Date: Tue, 7 Aug 2001 08:44:04 -0600
Take a look at hogwash, http://hogwash.sourceforge.net. It can drop all code red scans quite nicely and ease the load on your web servers.

Jed

On Tuesday 07 August 2001 07:18 am, Theo Zourzouvillys wrote:
This probably isn't the right place to be answering, so sorry for being off topic.

We are using Cisco CS-800's (formerly Arrowpoint) with a content rule to block any default.ida's. The requests never even get through to the server. I don't know if any Cisco routers do layer 5 rules though.

The other option would be to set up a snort rule, and have it add iptables rules, but with (last figure I heard) 8000 hosts infected, that's gonna make a lot of rules.

Theo

Theo Zourzouvillys
Internet Consultant
+ Notnet Consultancy [ www.notnet.co.uk ]
  - Specialising in Unix security, ISP Start-up and regeneration,
  - MySQL solutions, E-commerce, and Load balancing.
+ Notnet.co.uk
  - Quality web hosting at an affordable price
  - http://www.notnet.co.uk/
+ theo () crazygreek co uk

-----Original Message-----
From: netfilter-admin () lists samba org [mailto:netfilter-admin () lists samba org] On Behalf Of Advanced Hosting UNIX Admin Daniel Fairchild
Sent: 07 August 2001 13:52
To: snort-users () lists sourceforge net; netfilter () lists samba org; bridge () math leidenuniv nl
Subject: Cod Red HELP!!!!

Hello, TIA. We are having issues with Code Red on our Unix servers. We have 508 IPs per server, and the Code Red scanning is acting like a massive DDoS on our Unix machines. We are getting all these requests for default.ida and we are trying to figure out how to block it. Does anyone have any suggestions?

TIA again

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
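Added example, not part of the original thread or of any tool named in it: the quoted message contrasts one content rule on default.ida with a firewall rule per infected host, and this sketch measures that difference by counting default.ida requests and distinct sources in a web server log. It assumes Common Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_default_ida(target):
    """True when the last path segment of the request target is default.ida.
    Percent-decoding and lowercasing catch /DEFAULT.IDA and /default%2Eida."""
    path = unquote(urlsplit(target).path).lower()
    return path.rsplit("/", 1)[-1] == "default.ida"

def summarize(lines):
    """Count default.ida requests per source host; count lines that do not parse."""
    per_source = Counter()
    skipped = 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            skipped += 1
            continue
        host, _method, target, _status = m.groups()
        if is_default_ida(target):
            per_source[host] += 1
    return {
        "probes": sum(per_source.values()),
        # Blocking by address needs one rule per entry here; a content
        # rule on the requested path stays a single rule however this grows.
        "distinct_sources": len(per_source),
        "skipped": skipped,
        "sources": per_source,
    }

# Constructed sample lines: documentation address ranges, placeholder query strings.
SAMPLE = [
    '192.0.2.10 - - [07/Aug/2001:08:01:02 -0600] "GET /default.ida?PADDING HTTP/1.0" 404 205',
    '198.51.100.7 - - [07/Aug/2001:08:01:03 -0600] "GET /DEFAULT.IDA?PADDING HTTP/1.0" 404 205',
    '192.0.2.10 - - [07/Aug/2001:08:01:09 -0600] "GET /default.ida?PADDING HTTP/1.0" 404 205',
    '203.0.113.5 - - [07/Aug/2001:08:02:00 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.9 - - [07/Aug/2001:08:02:04 -0600] "GET /scripts/default%2Eida?PADDING HTTP/1.0" 404 205',
    '203.0.113.5 - - [07/Aug/2001:08:02:10 -0600] "GET /docs/default.ida.html HTTP/1.0" 200 512',
    'truncated line without a request',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a real log, the gap between `probes` and `distinct_sources` shows how quickly a per-address block list would grow compared with a single match on the path.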