Re: apache and nimbda
From: Craig Knox (crg@monster.gotadsl.co.uk) Date: 01/29/02
- Previous message: Anton A. Chuvakin: "Re: apache and nimbda"
- In reply to: Christophe Zwecker: "Re: apache and nimbda"
- Next in thread: elliptic: "Re: apache and nimbda"
- Next in thread: Martin Glazer: "Re: apache and nimbda"
From: Craig Knox <crg@monster.gotadsl.co.uk>
To: Christophe Zwecker <doc@zwecker.de>
Date: 29 Jan 2002 14:16:01 +0000
On Mon, 2002-01-28 at 21:29, Christophe Zwecker wrote:
> Thinking of that, I've got a customer with an IIS server which he cannot
> change for Apache, for some reason. I wonder which Linux-based tools
> (the firewall runs on Linux) there are to block Nimda. Can a proxy acting
> as a reverse proxy do it?
>
> Anyone done this before?
I use snort-iptables and it works great. It's very easy to set up; you
just need a recent kernel that supports queuing to userspace and a
patched version of snort from ->
http://w3.cablespeed.com/~rvmcmil/
If you use something to just drop matching packets, this will keep
sessions open on your webserver until they time out, but with
snort-iptables you can get it to drop the packet and reset the session
on the webserver (and it ties up the worm for a while as it keeps
retrying).