[Dshield] Here's a good idea

Mark Tombaugh mtombaugh at alliedcc.com
Tue Apr 13 17:39:41 GMT 2004


On Tuesday 13 April 2004 11:07 am, Miles Stevenson wrote:
> Does anyone
> know if it works?

I don't know if it works, nor do I know why one would use it.
#1 These attacks dont effect apache
#2 If theyre creating logs on your apache, then they are also probably getting 
to your IIS (if it exists). 
#3 There are much more flexible alternatives (eg. snortsam - thanks Frank!)

There are lots of simple ways to keep these attacks off of your network 
entirely, as well as out of your apache/iis logs. For example:

Cisco IOS 12.1(6) (NBAR) can do it:
<http://www.cisco.com/warp/public/63/nimda.shtml

Or iptables with string matching filters:
<http://articles.linuxguru.net/view/120>

-- 
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>





More information about the list mailing list