Snort mailing list archives
RE: Code Red attacks
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 18 Sep 2001 09:03:32 -0700 (PDT)
On Tue, 18 Sep 2001, Randy Bradley wrote:
I also have had just about enough CR alerts and was thinking along those lines. Can you share an example? I am thinking of adding these lines to my access-group in list: permit tcp any "my.web.server.ip" eq 80 deny tcp any any eq 80 log NIDS would still see CR attacks on valid servers but this should stop the probes on invalid servers. Any thoughts?
Should work fine. I'm sure Cisco has a handy-dandy guide on how to setup those filters. They got slammed with CR on some of the DSL routers. Surf the site and see what you can turn up. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Code Red attacks Peter Borner (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Erek Adams (Sep 17)
- RE: Code Red attacks Randy Bradley (Sep 18)
- RE: Code Red attacks F.M. Taylor (Sep 18)
- Re: Code Red attacks Alec Waters (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Adrian Mink (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Jason Withrow (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- <Possible follow-ups>
- RE: Code Red attacks Greg Wright (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Franki (Sep 18)
- Re: Code Red attacks Tim Olson (Sep 18)
- RE: Code Red attacks Jason Withrow (Sep 17)