Snort mailing list archives
RE: Code Red attacks
From: Randy Bradley <bradley () email marc usda gov>
Date: Tue, 18 Sep 2001 08:18:33 -0500
Or simpler, block them at the router. ;-)
Erek, I also have had just about enough CR alerts and was thinking along those lines. Can you share an example? I am thinking of adding these lines to my access-group in list:

    permit tcp any "my.web.server.ip" eq 80
    deny tcp any any eq 80 log

NIDS would still see CR attacks on valid servers but this should stop the probes on invalid servers. Any thoughts?

Randy
--
Randy Bradley | Systems Analyst | US Meat Animal Research Center | Clay Center Computer Spec.| 402-762-4156 | bradley () email marc usda gov | Nebraska
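
An added example, not part of Randy's post: a small first-match evaluator for the two ACL entries quoted above, run over constructed inbound packets to show which ones a sensor behind the router would still see and which are dropped with a log entry. Assumptions: the addresses are constructed documentation-range values standing in for "my.web.server.ip", the list contains only these two entries, and the NIDS sits behind the router.

```python
import ipaddress

# Constructed address; the post only gives the placeholder "my.web.server.ip".
WEB_SERVER = "192.0.2.10"

# The two entries from the post, in order:
# (action, destination or None for "any", destination TCP port, log flag)
ACL = [
    ("permit", WEB_SERVER, 80, False),
    ("deny", None, 80, True),
]

def evaluate(acl, dst_ip, dst_port):
    """Return (action, logged) for one inbound TCP packet, first match wins."""
    for action, dst, port, log in acl:
        if dst_port != port:
            continue
        if dst is None or ipaddress.ip_address(dst) == ipaddress.ip_address(dst_ip):
            return action, log
    # Extended ACLs end with an implicit "deny ip any any", which does not log.
    return "deny", False

def triage(acl, packets):
    """Sort packets into forwarded (visible to a sensor behind the router),
    denied with a log entry, and denied silently by the implicit deny."""
    out = {"forwarded": [], "denied_logged": [], "denied_silent": []}
    for src, dst, port in packets:
        action, logged = evaluate(acl, dst, port)
        if action == "permit":
            out["forwarded"].append((src, dst, port))
        elif logged:
            out["denied_logged"].append((src, dst, port))
        else:
            out["denied_silent"].append((src, dst, port))
    return out

# Constructed inbound packets: (source, destination, destination TCP port)
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 80),  # probe reaching the real web server
    ("198.51.100.7", "192.0.2.11", 80),  # probe to a host with no web server
    ("203.0.113.9", "192.0.2.25", 80),   # another probe to a non-server
    ("203.0.113.9", "192.0.2.25", 25),   # SMTP: matches neither entry
]

if __name__ == "__main__":
    for bucket, pkts in triage(ACL, PACKETS).items():
        print(bucket, pkts)
```

The SMTP packet lands in the silent bucket because nothing in a two-entry list permits it, so where these lines sit relative to the rest of an existing list decides what else gets through.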