Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: Cod Red HELP!!!!

From: s I n <sin () Aniela EU ORG>
Date: Wed, 8 Aug 2001 09:51:03 +0300 (EEST)


        Ouch! Oh, well.... then you can settle with iptables. and try to
limit de incmoing conections to your server to a specified amount per
minute or per second.

/me

On Tue, 7 Aug 2001, Kyle R Maxwell wrote:


I'm not a Cisco export, but what yuo want is their CSS (content
switch). Does lots of cool stuff, but it's *extremely* expensive (as in
generally in the $200k+ range) so it's probably only within the reach of
relatively large organizations.


On Tue, 7 Aug 2001, s I n wrote:


    Yes, but the default www port is 80. If you run a big site and you
don't want to be bothered by CodeRed Worm you just can't switch the
default port. The no one will connect to the www server because, unless
you specify this explictly, the web browser will try to make a conncetion
to port 80 of the site. The best way to deal with it (in my opinion) is to
have a firewall to filter out any connection request to port 80 of a
server that contains the default.ida string, something like a Cisco router
(someone on the list said it can do this).


--
Kyle Maxwell
kmaxwell () superpages com
SuperPages.com Sys Admin





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: