[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] NIMDA
- Subject: Re: [cobalt-users] NIMDA
- From: "Hisham Al Saad" <ahisham@xxxxxxxxxxxxxx>
- Date: Sat Sep 29 19:19:03 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> >>How are we going to stop these NIMDA attacks filling logs?
>
> Quite honestly, the only thing I can think of is to unplug the server.
Maybe contacting your upstream provider might help, if they can block the
traffic at the router, but since they're normal web requests (from what I
gather; I wasn't getting mail for the big Nimda discussion) you can't block
them and can't stop them from getting recorded in your logs.
>
> Btw, I visited a web site and got Nimda, it shot across my home network
like wildfire but luckily no one was stupid enough to click on the nice
little email it left on their desktop. Easy clean-up job on the other
machines, took a bit to get it off of mine. First time I've been infected
with a virus after 5 yrs of being on the net with no virus scanner - and
wouldn't it figure, it comes from a damn web page rather than an email.
Huff. Didn't do any damage though since I don't have a "default" mail
program specified and that kinda cut it off at the knees. It just left junk
*everywhere*.
>
>
Have you considered installing some IDS (Intrusion detection system) on your
network .
They are quit effective. You may look at Snort (http://www.snort.org) its
free.
Regards,
Hisham