Re: apache and nimbdaFrom: Craig Knox (firstname.lastname@example.org)
- Previous message: Seth Arnold: "Re: apache and nimbda"
- In reply to: Brian Clifton: "apache and nimbda"
- Next in thread: John Oliver: "Re: apache and nimbda"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Craig Knox <email@example.com> To: Brian Clifton <firstname.lastname@example.org> Date: 28 Jan 2002 23:14:50 +0000
One way is to use some sort of packet scrubbing method.
either iptables on the webserver or firewall and queue all web traffic
to snort-iptables (http://w3.cablespeed.com/~rvmcmil/).
or hogwash http://hogwash.sourceforge.net/
Both of these methods use snort based rules so you can easily update it
to filter new web attacks when they appear.
If you use snort-iptables you should compile with the
"--enable-flexresp" and add "resp: rst_rcv;" to the rules so that
sessions that are filter are closed properly with your webserver.
On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All
> Is there a way to stop apache responding to .exe file requests altogether?
> I am getting fed up with my error_log file being filled by nimbda and we don't host any .exe files!! I have been monitoring
> it since the summer and the number of nimbda type entries appears to have started to go up again since xmas...
> Any thoughts greatly appreciated...
> Thanks in advance, Brian