Re: iptables anti-nimda anyone?
From: Steve Mickeler (steve@neptune.on.ca)Date: 09/21/01
- Previous message: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- In reply to: Bretscher;Johannes;ja: "Re: iptables anti-nimda anyone?"
- Next in thread: Bjørn Ruberg: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Sep 2001 11:18:05 -0400 (EDT) From: Steve Mickeler <steve@neptune.on.ca> To: "Bretscher;Johannes;ja" <bretscher@kilauea.5sl.org> Subject: Re: iptables anti-nimda anyone? Message-ID: <Pine.LNX.4.21.0109211116200.11929-100000@triton.neptune.on.ca>
On Fri, 21 Sep 2001, Bretscher;Johannes;ja wrote:
>
>
> On Wed, 19 Sep 2001, Konrad Michels wrote:
>
> > Hi everyone
> > I don't suppose one of our iptables gurus out there has an iptables rule
> > to filter out this damn nimda thing? I'm really annoyed about it
> > filling up my apache logz and would love to drop the packets 'ere they
> > get to the apache server . . .
>
> The only thing would be to close port 80. You can not detect packet
> content on TCP level.
If you had a linux box as your firewall, you could use urlsnarf from the
dsniff package and watch for codered/blue attempts and pipe it to a little
iptables script that would black hole the offending hosts.
Todays root password is brought to you by /dev/random
.-------------------------------------.
| Steve Mickeler * Network Operations |
+-------------------------------------+
| Neptune Internet Services |
`-------------------------------------'
1024D/ACB58D4F = 0227 164B D680 9E13 9168 AE28 843F 57D7 ACB5 8D4F
- Previous message: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- In reply to: Bretscher;Johannes;ja: "Re: iptables anti-nimda anyone?"
- Next in thread: Bjørn Ruberg: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
