Re: [cobalt-users] Extensive Hack Attack - Was C drive hack
- Subject: Re: [cobalt-users] Extensive Hack Attack - Was C drive hack
- From: Jason Woods <jwoods@xxxxxxxxxxxxxxx>
- Date: Thu Oct 11 14:41:09 2001
- Organization: Oakland Corporation
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I wrote a Code Red detection/rejection script that could very easily be
changed to block Nimda attacks also. The script uses IPchains to reject
the IP, but if you don't have IPchains loaded on your RaQ (I would
suggest getting it), then I can mod it to use route rejects (more CPU
time used with a route command, though).
To see what all the script can pick up on, check out
http://www.newsnot.com/cgi-bin/shitlist
Having too much fun dealing with IIS exploits, and I don't run IIS!
Tomas Garcia Ferrari wrote:
>
> Hello,
>
> What about rejecting those requests? A few weeks ago I found that somebody
> did a solution to reject the requests asking for 'default.ida'... But I can
> not find it now (and my servers are as well full of these '.exe' requests...)
>
> Regards,
> Tomás
>
> +-- --+
> Tomás García Ferrari
> Bigital
> http://bigital.com/
> +-- --+
--
Jason Woods
IT Director
Oakland Corporation
414 Broad Street
Story City, IA 50248
Phone: 515-733-5114
Fax : 515-733-4821
Email: jwoods@xxxxxxxxxxxxxxx
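
The approach described in this message (spot worm probes in the web server log, then reject the source address with IPchains) can be sketched as follows. This is an added example, not Jason Woods' script, which is not shown on the page. It assumes Apache common log format and that the '.exe' requests in the thread are the `cmd.exe`/`root.exe` probes; the function names, sample log lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# Request-path signatures. default.ida is named in the thread; cmd.exe and
# root.exe are an assumption about which '.exe' requests it refers to.
SIGNATURES = {
    "code-red": re.compile(r"/default\.ida\?", re.I),
    "nimda": re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I),
}
# Apache common log format: client host first, request line in quotes.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*"')

def classify(line):
    """Return (ip, signature_name) for a worm probe, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    host, path = m.groups()
    try:
        # Accept only literal IPv4 addresses: ipchains is IPv4-only, and this
        # keeps logged hostnames or junk out of the generated command.
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return None
    for name, pattern in SIGNATURES.items():
        if pattern.search(path):
            return str(ip), name
    return None

def build_rules(lines, threshold=1, allowlist=()):
    """Return ipchains commands for sources with >= threshold probes."""
    hits = Counter()
    for line in lines:
        found = classify(line)
        if found and found[0] not in allowlist:
            hits[found[0]] += 1
    return ["ipchains -A input -s %s -j REJECT" % ip
            for ip, count in hits.items() if count >= threshold]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2001:14:01:02 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [11/Oct/2001:14:01:05 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.7 - - [11/Oct/2001:14:01:06 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '203.0.113.5 - - [11/Oct/2001:14:02:00 -0500] "GET /index.html HTTP/1.0" 200 1024',
    'host.example.net - - [11/Oct/2001:14:03:00 -0500] "GET /default.ida?XXXX HTTP/1.0" 404 276',
]

if __name__ == "__main__":
    for rule in build_rules(SAMPLE_LOG):
        print(rule)
```

The commands are only printed, so they can be reviewed before being run as root; putting the server's own and its administrators' addresses in `allowlist` avoids rejecting them by mistake.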