Snort mailing list archives

Re: Cod Red HELP!!!!


From: Advanced Hosting UNIX Admin Daniel Fairchild <danielf () supportteam net>
Date: Fri, 10 Aug 2001 15:42:34 -0500

Yeah, that's what we ended up using was the flexresp stuff to send an RST in
both directions to our internal server and to the infected machine. Seems to be
working well, reduced the load on our server a lot.



On Friday 10 August 2001 12:08, you wrote:
Hmm, looks interesting.  We have been playing with flexresp in the snort
distribution instead.  It'll send an RST back to the source so closing the
connection ASAP.  But I like the idea of an inline filter much better.

s

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org]
Sent: 07 August 2001 15:34
To: Advanced Hosting UNIX Admin Daniel Fairchild
Cc: Snort-Users (E-mail); netfilter () lists samba org
Subject: Re: [Snort-users] Cod Red HELP!!!!

On Tue, 7 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:
Hello TIA


we are having issues with code red on our unix servers we have 508 IPs
per server and the Code Red scanning is acting like a Massive DDoS on our
unix machines we are getting all these requests for default.ida and we
are trying to figure out how to block it

does any one have any suggestions.

You may want to look at HogWash, it could identify and drop the Code Red
traffic.

    http://hogwash.sourceforge.net

lance


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Advanced Hosting UNIX Admin | Daniel Fairchild danielf () supportteam net 
To rate my service or provide feedback, please visit the following URL:
http://www.supportteam.net/rate.php3

Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
