Re: Re:- w32/Gokar

From: Nick (bombdudeusmc@yahoo.com)
Date: 12/18/01

• Previous message: gminick: "Re: Passwords On Paper"
• In reply to: Nilesh Shastri: "Re:- w32/Gokar"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Nick <bombdudeusmc@yahoo.com>
To: Nilesh Shastri <nishastri2001@yahoo.com>
Date: 18 Dec 2001 10:43:06 -0500

Create a resource "http -> http_screening". Go to the match tab and
check "http" and "get". In path, put "*{.pif,.scr,.com,.exe,.bat}" (and
I would include the other extensions from Nimda and code red/blue).

Implement this in a rule for everything crossing the firewall (maybe
negating the internals, there are issues sometimes if you dont).

HTH

Nick

On Sat, 2001-12-15 at 00:43, Nilesh Shastri wrote:
>
>
> Hi,
> Can anyone help to prevent W32/Gokar using
> Checkpoint Firewall.
>
> Thanks.

-- 
Nick
Network Security Consultant
CISSP, CCSI, MCSE, CCNA
Lucent Technologies/NPS
Raleigh, NC

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

---

• Previous message: gminick: "Re: Passwords On Paper"
• In reply to: Nilesh Shastri: "Re:- w32/Gokar"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2001-12