[cobalt-users] NIMDA Attacks - Anyway to deny requests?

[Scott F <scott_falco@xxxxxxxxx>]

> I run the nimda script found on this list, gather up
> the infected IP's, then dropped them into my
> firewalls
> to deny access. Once you get a good list of the
> several hundred offenders (which tend to be the same
> first bit of your network) and drop them into your
> firewall, they'll stop hammering you since they're
> denied access -it'll cut down on the attempts a
great
> deal. I've dropped my loads considerably, but I can
> still tell there's a great deal of sluggish network
> traffic due to this latest M$ cancer..
>
>>Hum, knowing the nature of the virus, you'll 
>>end up by blocking half off the internet :-))

It actually has worked quite well and has dropped my
probes/scans from this windoz worm to just around
20-40 per day now (unique IP's). I have 9 machines in
3 locations, and I've managed to assemble a list of
around 500 unique IP's off each box (of course all
windoz cancer infected machines) using that script, so
it really isn't so bad. I really don't have a problem
blocking infected machines hammering away at my boxes.
And this has pretty much become a non-issue for me
since I started doing so, unlike the first day when it
hit the wild. :-)

-Scott

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com