Re: [fw1-wizards] RE: blocking code red at the firewall

From: ragu nandan (raguedify@yahoo.com)
Date: 09/06/01


Message-ID: <20010906180509.92048.qmail@web12206.mail.yahoo.com>
Date: Thu, 6 Sep 2001 11:05:09 -0700 (PDT)
From: ragu nandan <raguedify@yahoo.com>
Subject: Re: [fw1-wizards] RE: blocking code red at the firewall
To: "Hall, Andrew" <andrew.hall@isecure.com.au>, 'Langa Kentane' <Langa.Kentane@Nanoteq.com>, "Firewall-1 Mailinglist (E-mail)" <fw1-wizards@phoneboy.com>

Yes, Siebel's password protected knowledge-base is one
such site. With IE 5.0 or Netscape, I could get in but
not with the latest IE 5.5 SP1/2 until I disabled the
code Red rule.
Ragu

--- "Hall, Andrew" <andrew.hall@isecure.com.au> wrote:
> There are heaps of sites which use ida and idq
> files, so blocking on *.ida
> is not such a good idea. However, the Code Red worm
> exploits on default.ida
> ... which is a file no production system should be
> using. It is a file from
> a default installation, and should be changed once a
> web site is developed,
> (or removed if not required!).
>
> You will not find too many legitimate requests for
> default.ida.
>
> Andrew
>
> -----Original Message-----
> From: Langa Kentane
> [mailto:Langa.Kentane@Nanoteq.com]
> Sent: Thursday, August 30, 2001 10:20 PM
> To: Firewall-1 Mailinglist (E-mail)
> Cc: Security Basics (E-mail)
> Subject: blocking code red at the firewall
>
>
> Greetz.
> I am in the process of setting up a rule using a URI
> resource to block the
> code red worm from the firewall. What I would like
> to know are the
> implications of doing this? Are there ever any legit
> requests for the .ida
> extension?
>
> Thanks
>
>
---------------------------------------------------------------------
> FireWall-1 Wizards Mailing List
> (http://www.phoneboy.com/wizards/)
> To unsubscribe, e-mail:
> fw1-wizards-unsubscribe@phoneboy.com
> For additional commands, e-mail:
> fw1-wizards-help@phoneboy.com
>

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com