Snort mailing list archives
RE: Cod Red HELP!!!!
From: Shriman Gurung <sg () dataconnection com>
Date: Fri, 10 Aug 2001 18:08:42 +0100
Hmm, looks interesting. We have been playing with flexresp in the snort distribution instead. It'll send an RST back to the source so closing the connection ASAP. But I like the idea of an inline filter much better. s -----Original Message----- From: Lance Spitzner [mailto:lance () honeynet org] Sent: 07 August 2001 15:34 To: Advanced Hosting UNIX Admin Daniel Fairchild Cc: Snort-Users (E-mail); netfilter () lists samba org Subject: Re: [Snort-users] Cod Red HELP!!!! On Tue, 7 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:
Hello TIA we are having issues with code red on our unix servers we have 508 IPs per server and the Code Red scanning is acting like a Massive DDoS on our unix machines we are getting all these requests for default.ida and we are
trying
to figure out how to block it does any one have any sugesstions.
You may want to look at HogWash, it could identify and drop the Code Red traffic. http://hogwash.sourceforge.net lance _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Code Red and port 443 (was RE: Code Red HELP!!!!), (continued)
- Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Mike Johnson (Aug 08)
- Re: Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Marsiske Stefan (Aug 08)
- Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Mike Johnson (Aug 08)
- Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Erek Adams (Aug 08)
- Re: Code Red and port 443 (was RE: Code Red HELP!!!!) Jason Haar (Aug 08)
- RE: Cod Red HELP!!!! s I n (Aug 07)
- Re: RE: Cod Red HELP!!!! Kyle R Maxwell (Aug 07)
- Re: RE: Cod Red HELP!!!! s I n (Aug 08)
- Re: RE: Cod Red HELP!!!! Erek Adams (Aug 08)
- Re: RE: Cod Red HELP!!!! tibuq (Aug 08)
- Re: Cod Red HELP!!!! Advanced Hosting UNIX Admin Daniel Fairchild (Aug 10)