Snort mailing list archives

RE: Cod Red HELP!!!!


From: Shriman Gurung <sg () dataconnection com>
Date: Fri, 10 Aug 2001 18:08:42 +0100

Hmm, looks interesting.  We have been playing with flexresp in the snort
distribution instead.  It'll send an RST back to the source so closing the
connection ASAP.  But I like the idea of an inline filter much better.

s

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org]
Sent: 07 August 2001 15:34
To: Advanced Hosting UNIX Admin Daniel Fairchild
Cc: Snort-Users (E-mail); netfilter () lists samba org
Subject: Re: [Snort-users] Cod Red HELP!!!!


On Tue, 7 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:

> Hello TIA
>
> We are having issues with Code Red on our Unix servers. We have 508 IPs per
> server, and the Code Red scanning is acting like a massive DDoS on our Unix
> machines. We are getting all these requests for default.ida and we are
> trying to figure out how to block it.
>
> Does anyone have any suggestions?

You may want to look at HogWash, it could identify and drop the Code Red
traffic.

    http://hogwash.sourceforge.net

lance


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
