Firewall Wizards mailing list archives

Re: NIMDA, how to stop it


From: "Robin S. Socha" <robin-dated-1010441423.019f5b () socha net>
Date: Fri, 04 Jan 2002 17:32:37 -0500

begin  Alan_Young.scr <aryoung () veros com>:

speaking of NIMDA, as a general recommendation, what would you all
recommend as an effective firewall setup to stop NIMDA?

Your idea of "firewall" appears to be a bit hazy. Nimda and its likes
are DoS attacks against a webserver launched by Microsoft products. So
you are looking at a way to combat a DoS attack. That requires strategic
planning, not clicking on a setup tool.

Can I stop NIMDA with just a PIX? Or do I need some sort of other
"virus firewall" in addition to our PIX?

There are no virus firewalls. Your idea of how Nimda and other
Microsoft-based DoS tools work also appears to be hazy. There are
commercial vendors that sell packet filters or proxy servers with
blacklisting abilities as "virus walls". But that's basically
brown-nosing.

So your strategy could e.g. be to get strategic arms and nuke the people
who created the attack tools: http://www.enemy.org/gallery/jpg/campus.jpg

Another strategy could be to block access from the servers launching the
attacks. Comme this: http://tb.tf/nimda-block/ - which opens interesting
possibilities for ip-spoofing and having yourself shoot yourself in all
possible parts of your body. 

Please forgive my ignorance, I can't search the archives (the search
function is broken) so I don't know if this has been asked before.

http://google.com/ always works.

I am sure I must be missing some fundamental firewall knowledge, I
suppose there are some good books on this topic???

Books? What's that? 