Snort mailing list archives

Re: Cod Red HELP!!!!

From: Lance Spitzner <lance () honeynet org>
Date: Tue, 7 Aug 2001 09:34:28 -0500 (CDT)

On Tue, 7 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:

Hello TIA


we are having issues with code red on our unix servers we have 508 IPs per
server and the Code Red scanning is acting like a Massive DDoS on our unix
machines we are getting all these requests for default.ida and we are trying
to figure out how to block it

does any one have any sugesstions.


You may want to look at HogWash, it could identify and drop the Code Red
traffic.

    http://hogwash.sourceforge.net

lance


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Cod Red HELP!!!! Advanced Hosting UNIX Admin Daniel Fairchild (Aug 07)
- Re: Cod Red HELP!!!! Ralf Hildebrandt (Aug 07)
- RE: Cod Red HELP!!!! Theo Zourzouvillys (Aug 07)
  - Re: RE: Cod Red HELP!!!! Jed Haile (Aug 07)
- Re: Cod Red HELP!!!! s I n (Aug 07)
- Re: Cod Red HELP!!!! Lance Spitzner (Aug 07)
- <Possible follow-ups>
- RE: Cod Red HELP!!!! van Oosterom, Peter (Aug 07)
  - Re: Cod Red HELP!!!! Ralf Hildebrandt (Aug 07)
    - RE: Cod Red HELP!!!! Mark Spieth (Aug 07)
- RE: Cod Red HELP!!!! Nigel Morse (Aug 07)
  - RE: Cod Red HELP!!!! s I n (Aug 07)
    - RE: Cod Red HELP!!!! Carolyn Beckman (Aug 07)
    - Code Red and port 443 (was RE: Code Red HELP!!!!) George D. Nincehelser (Aug 07)
    - Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Carolyn Beckman (Aug 07)
    - Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Thierry Coopman (Aug 08)
    - Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Mike Johnson (Aug 08)

(Thread continues...)