Security Incidents mailing list archives

New Method for Blocking Code Red and Similar Exploits

From: "Randall S. Benn" <rbenn () clark net>
Date: Tue, 07 Aug 2001 18:31:01 -0400

A new method for blocking Code Red and similar exploits that use HTTP GET requests has been published.  The method uses 
new capabilities within Cisco IOS software.  Read the on-line advisory at:

http://iponeverything.net/CodeRed.html

The beauty of this solution is that it can be used to block Code Red infections today and can be easily modified with 
new signatures in the future using the HTTP sub-port classification mechanism in IOS.

Randy


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

New Method for Blocking Code Red and Similar Exploits Randall S. Benn (Aug 07)
- Re: New Method for Blocking Code Red and Similar Exploits Antonio Vasconcelos (Aug 08)
- RE: New Method for Blocking Code Red and Similar Exploits Mike Batchelor (Aug 09)
- <Possible follow-ups>
- Re: New Method for Blocking Code Red and Similar Exploits Nelson Neves (Aug 08)