Snort mailing list archives
Re: Code Red attacks
From: Alec Waters <alec.waters () dataline co uk>
Date: Tue, 18 Sep 2001 16:55:01 +0100
Hi Randy,
permit tcp any "my.web.server.ip" eq 80 deny tcp any any eq 80 log NIDS would still see CR attacks on valid servers but this should stop the probes on invalid servers. Any thoughts?
If your router platform supports NBAR, you can even stop Code Red from reaching valid servers altogether. Take a look at this: http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml It works a treat for me. alec -- Alec Waters Dataline Software Ltd Clarence House, 30-31 North Street, Brighton, BN1 1EB, UK Tel: +44 (0)1273 324939 Fax: +44 (0)1273 205576 www: http://www.dataline.co.uk wap: http://wap.dataline.co.uk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Code Red attacks Peter Borner (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Erek Adams (Sep 17)
- RE: Code Red attacks Randy Bradley (Sep 18)
- RE: Code Red attacks F.M. Taylor (Sep 18)
- Re: Code Red attacks Alec Waters (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Adrian Mink (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Jason Withrow (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- <Possible follow-ups>
- RE: Code Red attacks Greg Wright (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Franki (Sep 18)
- RE: Code Red attacks Jason Withrow (Sep 17)