Re: apache and nimbda

From: Craig Knox
Date: 01/29/02

From: Craig Knox
To: Brian Clifton
Date: 28 Jan 2002 23:14:50 +0000

One way is to use some sort of packet scrubbing method.

Either iptables on the webserver or firewall and queue all web traffic
to snort-iptables

or hogwash

Both of these methods use snort based rules so you can easily update it
to filter new web attacks when they appear.

If you use snort-iptables you should compile with
"--enable-flexresp" and add "resp: rst_rcv;" to the rules so that
sessions that are filtered are closed properly with your webserver.

On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All
> Is there a way to stop apache responding to .exe file requests altogether?
> I am getting fed up with my error_log file being filled by Nimda and we don't host any .exe files!! I have been monitoring
> it since the summer and the number of Nimda-type entries appears to have started to go up again since Xmas...
> Any thoughts greatly appreciated...
> Thanks in advance, Brian
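
The monitoring described in the question can be scripted, to measure the noise before and after a filter goes in. This is an added example, not part of either message: it tallies missing-file errors for `.exe` paths per month and per client. The Apache 1.3-style error_log layout, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed Apache 1.3-style error_log entry:
# [Mon Jan 28 09:49:12 2002] [error] [client 192.0.2.10] File does not exist: /path
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)"
)

# Constructed sample lines; client addresses come from documentation ranges.
SAMPLE_LOG = """\
[Tue Nov 20 03:11:02 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Sat Dec 29 14:02:41 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/MSADC/root.exe
[Mon Jan 07 08:15:09 2002] [error] [client 198.51.100.7] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Mon Jan 07 08:15:10 2002] [error] [client 198.51.100.7] File does not exist: /var/www/html/d/winnt/system32/CMD.EXE
[Mon Jan 28 09:40:00 2002] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Mon Jan 28 09:49:12 2002] [error] [client 203.0.113.9] File does not exist: /var/www/html/scripts/root.exe
[Mon Jan 28 09:50:00 2002] [notice] caught SIGTERM, shutting down
"""

def exe_probes(lines):
    """Yield (month, client, path) for each missing-file error whose path ends in .exe."""
    for line in lines:
        m = LINE_RE.match(line)
        # Skip other log levels, other error types and non-.exe paths.
        if not m or not m.group("path").lower().endswith(".exe"):
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        yield ts.strftime("%Y-%m"), m.group("client"), m.group("path")

def summarize(lines):
    """Return (probes per month, probes per client) as Counters."""
    by_month, by_client = Counter(), Counter()
    for month, client, _path in exe_probes(lines):
        by_month[month] += 1
        by_client[client] += 1
    return by_month, by_client

if __name__ == "__main__":
    months, clients = summarize(SAMPLE_LOG.splitlines())
    for month in sorted(months):
        print(month, months[month])
    print(clients.most_common(3))
```
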