Re: [fw1-wizards] RE: blocking code red at the firewall

From: ragu nandan (raguedify@yahoo.com)
Date: 09/06/01


Message-ID: <20010906180509.92048.qmail@web12206.mail.yahoo.com>
Date: Thu, 6 Sep 2001 11:05:09 -0700 (PDT)
From: ragu nandan <raguedify@yahoo.com>
Subject: Re: [fw1-wizards] RE: blocking code red at the firewall
To: "Hall, Andrew" <andrew.hall@isecure.com.au>, 'Langa Kentane' <Langa.Kentane@Nanoteq.com>, "Firewall-1 Mailinglist (E-mail)" <fw1-wizards@phoneboy.com>

Yes, Siebel's password protected knowledge-base is one
such site. With IE 5.0 or Netscape, I could get in but
not with the latest IE 5.5 SP1/2 until I disabled the
code Red rule.
Ragu

--- "Hall, Andrew" <andrew.hall@isecure.com.au> wrote:
> There are heaps of sites which use ida and idq
> files, so blocking on *.ida
> is not such a good idea. However, the Code Red worm
> exploits on default.ida
> ... which is a file no production system should be
> using. It is a file from
> a default installation, and should be changed once a
> web site is developed,
> (or removed if not required!).
>
> You will not find too many legitimate requests for
> default.ida.
>
> Andrew
>
> -----Original Message-----
> From: Langa Kentane
> [mailto:Langa.Kentane@Nanoteq.com]
> Sent: Thursday, August 30, 2001 10:20 PM
> To: Firewall-1 Mailinglist (E-mail)
> Cc: Security Basics (E-mail)
> Subject: blocking code red at the firewall
>
>
> Greetz.
> I am in the process of setting up a rule using a URI
> resource to block the
> code red worm from the firewall. What I would like
> to know are the
> implications of doing this? Are there ever any legit
> requests for the .ida
> extension?
>
> Thanks
>
>
---------------------------------------------------------------------
> FireWall-1 Wizards Mailing List
> (http://www.phoneboy.com/wizards/)
> To unsubscribe, e-mail:
> fw1-wizards-unsubscribe@phoneboy.com
> For additional commands, e-mail:
> fw1-wizards-help@phoneboy.com
>

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com



Relevant Pages

  • RE: blocking code red at the firewall
    ... blocking code red at the firewall ... There are heaps of sites which use ida and idq files, ... the Code Red worm exploits on default.ida ... You will not find too many legitimate requests for default.ida. ...
    (Security-Basics)
  • Re: Need advice about hacking and security
    ... All of my email accounts - Hotmail, Yahoo, ... > Outlook also requires a lot of tweaking to secure it. ... In some states, there are laws with teeth, ... > You probably need a firewall to start. ...
    (comp.security.misc)
  • Re: tried everything- cannot publish to web
    ... the path to the FTP server correctly, ... firewall, and/or a third party firewall included in a antivirus suite, or a ... looking at the instructions from Yahoo about how to upload your site, ... how to use their control panel to upload your files. ...
    (microsoft.public.publisher.webdesign)
  • Re: Need advice about hacking and security
    ... All of my email accounts - Hotmail, Yahoo, ... They are not designed with security in mind. ... Outlook also requires a lot of tweaking to secure it. ... You probably need a firewall to start. ...
    (comp.security.misc)
  • Re: Browser Hijack - hilfe!
    ... Moin moin, ... eine ordentliche Firewall ist nie verkehrt. ... Ida: Hol dir am besten einen Bekannten ran, der mit PCs umgehen kann, um ... Dein Windows funzt zwar nicht, hat aber nichts mit Microsoft zu tun. ...
    (microsoft.public.de.german.windowsxp.sonstiges)