Re: apache and nimbda

From: Craig Knox (crg@monster.gotadsl.co.uk)
Date: 01/29/02


From: Craig Knox <crg@monster.gotadsl.co.uk>
To: Brian Clifton <brian@omegadm.co.uk>
Date: 28 Jan 2002 23:14:50 +0000

One way is to use some sort of packet scrubbing method.

Either use iptables on the webserver or firewall and queue all web traffic
to snort-iptables (http://w3.cablespeed.com/~rvmcmil/),

or use Hogwash (http://hogwash.sourceforge.net/).

Both of these methods use Snort-based rules, so you can easily update them
to filter new web attacks when they appear.

If you use snort-iptables you should compile with
"--enable-flexresp" and add "resp: rst_rcv;" to the rules so that
sessions that are filtered are closed properly with your webserver.

On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All
>
> Is there a way to stop Apache responding to .exe file requests altogether?
>
> I am getting fed up with my error_log file being filled by Nimda and we don't host any .exe files!! I have been monitoring
> it since the summer and the number of Nimda type entries appears to have started to go up again since xmas...
>
> Any thoughts greatly appreciated...
>
> Thanks in advance, Brian