Snort mailing list archives
RE: DOS rules for Nimda
From: "Richard Ellerbrock" <richarde () eskom co za>
Date: Thu, 26 Sep 2002 16:50:11 +0200
Thanks for the pointer, but only really this is applicable: * Rate-limit TCP synchronize/start (SYN) packets. This does not protect a host, but it allows your network to run in a degraded manner and still remain up. By rate-limiting SYNs, you are throwing away packets that exceed a certain rate, so some TCP connections will get through, but not all. As stated in my other note, the problem that I have is the denial of service associated with the scanning for new hosts to infect. They do not mention in the doc how to actaully do the TCP rate limiting - this is a cisco site, but I am not really a cisco expert.
"Tudor Panaitescu" <tpanaitescu () colorcon com> 2002/09/26 04:37:48
Even Better (assuming that you have Cisco): http://www.cisco.com/warp/public/63/nimda.shtml Enjoy, T |-------+------------------------------------------------------| | | | |-------+------------------------------------------------------| | To: | "Richard Ellerbrock" <richarde () eskom co za>, | | | snort-users () lists sourceforge net | |-------+------------------------------------------------------| | cc: | (bcc: Tudor Panaitescu/ColorconUS) | |-------+------------------------------------------------------| | | | |-------+------------------------------------------------------| | Subj| RE: [Snort-users] DOS rules for Nimda | | ect:| | | | | |-------+------------------------------------------------------| [IMAGE] First things first, forget intrusion detection. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS rules for Nimda Richard Ellerbrock (Sep 26)
- Re: DOS rules for Nimda Chris Green (Sep 26)
- Re: DOS rules for Nimda Martin Roesch (Sep 26)
- <Possible follow-ups>
- RE: DOS rules for Nimda McCammon, Keith (Sep 26)
- RE: DOS rules for Nimda Tudor Panaitescu (Sep 26)
- RE: DOS rules for Nimda Richard Ellerbrock (Sep 26)
- Re: DOS rules for Nimda Richard Ellerbrock (Sep 26)
- RE: DOS rules for Nimda Madziarczyk, Jonathan (Sep 26)
- RE: DOS rules for Nimda Richard Ellerbrock (Sep 26)