Re: apache and nimbda
From: Craig Knox (crg@monster.gotadsl.co.uk)Date: 01/29/02
- Previous message: Seth Arnold: "Re: apache and nimbda"
- In reply to: Brian Clifton: "apache and nimbda"
- Next in thread: John Oliver: "Re: apache and nimbda"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Craig Knox <crg@monster.gotadsl.co.uk> To: Brian Clifton <brian@omegadm.co.uk> Date: 28 Jan 2002 23:14:50 +0000
One way is to use some sort of packet scrubbing method.
either iptables on the webserver or firewall and queue all web traffic
to snort-iptables (http://w3.cablespeed.com/~rvmcmil/).
or hogwash http://hogwash.sourceforge.net/
Both of these methods use snort based rules so you can easily update it
to filter new web attacks when they appear.
If you use snort-iptables you should compile with the
"--enable-flexresp" and add "resp: rst_rcv;" to the rules so that
sessions that are filter are closed properly with your webserver.
On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All
>
> Is there a way to stop apache responding to .exe file requests altogether?
>
> I am getting fed up with my error_log file being filled by nimbda and we don't host any .exe files!! I have been monitoring
> it since the summer and the number of nimbda type entries appears to have started to go up again since xmas...
>
> Any thoughts greatly appreciated...
>
> Thanks in advance, Brian
- Previous message: Seth Arnold: "Re: apache and nimbda"
- In reply to: Brian Clifton: "apache and nimbda"
- Next in thread: John Oliver: "Re: apache and nimbda"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
