Re: apache and nimbda

From: Craig Knox
Date: 01/29/02

From: Craig Knox <>
To: Christophe Zwecker <>
Date: 29 Jan 2002 14:16:01 +0000

On Mon, 2002-01-28 at 21:29, Christophe Zwecker wrote:
> Thinking of that, I've got a customer with an IIS server which he cannot
> change for Apache, for some reason. I wonder which Linux-based tools
> (the firewall runs on Linux) there are to block Nimda. Can a proxy acting
> as a reverse proxy do it?
> Anyone done this before?

I use snort-iptables and it works great. It's very easy to set up; you
just need a recent kernel that supports queuing to userspace and a
patched version of snort from ->

If you use something to just drop matching packets this will keep
sessions open on your webserver till they time out, but with
snort-iptables you can get it to drop the packet and reset the session
on the webserver (and ties up the worm for a while as it keeps