Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Cod Red HELP!!!!

From: s I n <sin () Aniela EU ORG>
Date: Tue, 7 Aug 2001 23:28:56 +0300 (EEST)
        Yes, but the default www port is 80. If you run a big site and you
don't want to be bothered by CodeRed Worm you just can't switch the
default port. The no one will connect to the www server because, unless
you specify this explictly, the web browser will try to make a conncetion
to port 80 of the site. The best way to deal with it (in my opinion) is to
have a firewall to filter out any connection request to port 80 of a
server that contains the default.ida string, something like a Cisco router
(someone on the list said it can do this).


Rehards,

/me






It seems to me that one method of getting rid of code red
is to reconfigure the server so that it does not use port
80.  This may or may not be practical with a big machine.
It is only an thought based on the logs of my server on
port 8080. There are no code red entries.

=================================================================
      beckman () clone concordia ca
      Carolyn Beckman
=================================================================





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: