Re: CODE RED II, help....

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/30/03


Date: Wed, 30 Apr 2003 12:32:03 +1000


Tell BlackIce not to bother logging that particular violation. That'll stop
your logs filling up, and it'll stop your AV software complaining.

If you want to keep the logs, then tell your AV software not to scan the
directory where your BlackIce logs are.

I don't think there's any real way you can stop remote IP addresses
attacking your machines. You could put an application level firewall behind
your edge router (or use a router that combines an IDS), and you could drop
these connections further out...

Cheers
Ken

"peter picataggio" <p_picataggio@hotmail.com> wrote in message
news:096f01c30eb9$3e9ef7d0$3001280a@phx.gbl...
: I am running Windows 2000 and IIS 5.0, all the latest
: patches and I run a software Firewall, BlackICE (the
: latest version), and I have a SonicWall Firewall as well. I also
: have the latest Norton Anti-Virus running on the machine.
:
: At minimum I get 40 - 50 attempted CODE RED II attacks on my
: server every day. I also get hundreds of port probes and a
: bunch of other attempted attacks.
:
: I use NAT on my Sonic Firewall and have mapped Port 80 to
: one of my internal addresses.
:
: Does anyone have any clue on how I can put a stop to this
: once and for all? Or is this just the nature of the beast
: and I need to deal with it?
:
: Every day my BlackICE Firewall will be red and have
: hundreds of attacks listed, mainly Code Red II, always from
: different addresses, but I feel like I am being picked on, not
: really, but I hope you get my point.
:
: Then to top it off, BlackICE will store everything inside
: of its logs, so now my virus software gets triggered and
: puts the log and evidence files into the Quarantine
: section.
:
: Is there anything I can do where when it sees a CODE RED
: attack it just plain and simply blocks that IP or drops
: their connection or something?


