Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Blocking not friendly traffic

From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Tue, 7 Aug 2001 08:20:33 +0200
On Tue, Aug 07, 2001 at 12:47:56PM +0700, ??????? ??????? wrote:


Nothing ... After some time my IIS5+Index server again infected.
Question: with snort I can block this traffic or not? Or I must
use normal firewall (like Firewall-1 or other firewall)???


If the alert is triggered, the packet already infected your machine.
So there's little you can do. Normal firewall won't help, because it's
legitimate traffic (the point of a webserver is to server webpages!)

If you want servers that work, stay up, perform, and aren't rooted
every other second, use Apache on OpenBSD.

-- 
ralf.hildebrandt () innominate com                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: