
RE: [cobalt-users] NIMDA



> on 30/9/2001 10:39 AM, Carrie Bartkowiak at ravencarrie@xxxxxxxx wrote:
>
> > On Sun, 30 Sep 2001 10:09:13 +0300, Mustafa Cavcar mumbled something like:
> >>> How are we going to stop these NIMDA attacks filling logs?
> >
> > Quite honestly, the only thing I can think of is to unplug the server. Maybe
> > contacting your upstream provider might help, if they can block the traffic at
> > the router, but since they're normal web requests (from what I gather; I
> > wasn't getting mail for the big Nimda discussion) you can't block them and
> > can't stop them from getting recorded in your logs.
>
> Well, in my opinion, this is not absolutely correct. What you can do is (as
> example) this:
>

The .dll or .ida files can be dropped at an edge router as well if you use
a Cisco router. You will need to use: 2600, 3640, 7200 IOS 12.1(5)T and the
7500 IOS 12.1(6)E. Check www.cisco.com for more info or here:
http://iponeverything.net/CodeRed.html . The beauty of this solution is that
it can be used to block Code Red infections today and can be easily modified
with new signatures in the future using the HTTP sub-port classification
mechanism in IOS.

~S~

Disclaimer: My own two cents.
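
The kind of edge-router filter the message above describes, as an added example that is not part of the original post: NBAR's HTTP URL classification marks matching requests on the way in, and an ACL on the server-facing interface drops the marked packets before they reach the web server or its logs. The class and policy names, interface names, ACL number, DSCP value and URL patterns are assumptions to adapt to your own router.

```cisco
! Added example: names, interfaces, ACL number and patterns are assumptions.
! NBAR requires CEF switching.
ip cef
!
! Classify inbound HTTP requests whose URL matches a worm signature.
! New signatures are added as further "match protocol http url" lines.
class-map match-any http-worms
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
! Mark matching packets with a DSCP value not otherwise used on this network.
policy-map mark-inbound-http-worms
 class http-worms
  set ip dscp 1
!
! Apply the marking policy on the Internet-facing interface (assumed Serial0/0).
interface Serial0/0
 service-policy input mark-inbound-http-worms
!
! Drop anything carrying the mark; "log" keeps a count on the router
! instead of in the web server's access log.
access-list 105 deny   ip any any dscp 1 log
access-list 105 permit ip any any
!
! Filter on the interface that faces the web servers (assumed Ethernet0/1).
interface Ethernet0/1
 ip access-group 105 out
```

`show policy-map interface Serial0/0` reports how many packets each class has matched, and `show access-lists 105` shows how many were dropped. The TCP handshake still completes before the request is classified, so blocked connections stay half-open on the server until they time out.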