Snort mailing list archives

RE: Code Red attacks


From: Randy Bradley <bradley () email marc usda gov>
Date: Tue, 18 Sep 2001 08:18:33 -0500


Or simpler, block them at the router.  ;-)



Erek,

I also have had just about enough CR alerts and was thinking along those lines. Can you share an example? I am thinking of adding these lines to my access-group in list:

permit tcp any "my.web.server.ip" eq 80
deny tcp any any eq 80 log

NIDS would still see CR attacks on valid servers but this should stop the probes on invalid servers. Any thoughts?

Randy



--

******************************************************************************
Randy Bradley | Systems Analyst | US Meat Animal Research Center | Clay Center
Computer Spec.| 402-762-4156    | bradley () email marc usda gov    | Nebraska
******************************************************************************
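An added example, not part of the original message: how the two proposed lines could sit in a complete Cisco IOS extended ACL. The ACL number 101, the interface Serial0, the server address 192.0.2.10 and the trailing permit are assumptions made for illustration.

```cisco
! Constructed values: ACL 101, Serial0, 192.0.2.10 (documentation range).
! Entries are evaluated top-down and the first match wins, so the
! permit for the real web server must come before the blanket deny.
access-list 101 permit tcp any host 192.0.2.10 eq 80
! Port 80 traffic to every other inside address is dropped and logged.
access-list 101 deny tcp any any eq 80 log
! Every ACL ends with an implicit "deny ip any any". Without an explicit
! permit after the deny, all non-web traffic would be dropped as well.
! Assumed here; substitute the entries already in the site's inbound list.
access-list 101 permit ip any any
!
! Apply the list inbound on the outside-facing interface (assumed name).
interface Serial0
 ip access-group 101 in
```

The `log` keyword sends matches on the deny entry to the router's logging, and `show access-lists 101` shows per-entry match counts, so the dropped probes stay countable even though a NIDS behind the router no longer sees them.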
