CODE RED II, help....

From: peter picataggio (p_picataggio_at_hotmail.com)
Date: 04/30/03 

Date: Tue, 29 Apr 2003 18:38:47 -0700

I am running Windows 2000 and IIS 5.0, all the latest
patches and I run a software Firewall, BlackICE (the
latest
version), and I have a SOnicWall Firewall as well. I also
have the latest Norton Anti-Virus running on the machine.

At minimum I 40 - 50 attempted CODE RED II attacks on my
server every day. I also get hundreds of Port probes and a
bunch of other attempted attacks.

I use NAT on my SOnic Firewall and have Mapped Port 80 to
one of my internal addresses.

Does anyone have anyclue on how I can put a stop to this
once and for all? Or is this just the nature of the beast
and I need to deal with it?

Everyday my Blackice Firewall will be red and have
hundreds
of attacks listed, mainly Code Red II, always from
diffrent
addresses but I feel like I am being picked on, not
really,
but I hope you get my point.

Then to top it off, Black ICE will store everything inside
of its logs, so now my Virus Software get triggered and
puts the Log and Evidence files into the Quarinitne
section.

Is there anything I can do where when it see's a CODE RED
attack it just plain and simply blocks that IP or drops
there connection or something.

Any idea's would be great...

Pete

Relevant Pages

  • Re: What to use, what to use?
    ... just because you have a software firewall like Winproxy or ... don't think that you cannot be attacked on OPENED port 80. ... Not NAT, ISP or firewall can check network traffic for malicious activity, ... So I would think about putting BlackIce IDS/firewall back on your Webserver ...
    (comp.security.firewalls)
  • Re: MS04-011 Status ?
    ... I'm running windows 2000 pro with the free ZoneAlarm firewall installed. ... >> Should I assume that a good software firewall would protect me when I plug ...
    (microsoft.public.win2000.general)
  • Re: MS04-011 Status ?
    ... I'm running windows 2000 pro with the free ZoneAlarm firewall installed. ... >> Should I assume that a good software firewall would protect me when I plug ...
    (microsoft.public.win2000.security)
  • Re: Black Ice.
    ... What are you talking about it's not a firewall? ... is there another software firewall that's free (full ... >>BlackICE isn't a firewall. ... It just an intrusion detection system. ...
    (comp.security.firewalls)
  • Re: Looking for a Good Firewall/Antivirus
    ... Have you tried BlackIce 3.5 for yourself? ... > any other website. ... > I have two problems with this: First, any good firewall will prevent ... If you don't think "Spyware" is a problem for computer ...
    (comp.security.firewalls)