[Dshield] Here's a good idea
Johannes B. Ullrich
jullrich at sans.org
Tue Apr 20 07:43:34 GMT 2004
> > cmdblock: A tool that scans Apache logs and adds IIS exploiters to an
> > iptable ruleset.
> You definitely want to be careful using "auto-blockers" like this.
In particular if you are blocking Code Red exploited systems. Not much
point in doing so. First of all, if you are actually vulnerable, it's
too late. Secondly, the chances of blocking some innocent proxy server
and with it a larger network are high (not all proxy servers add
Blocking only makes sense if you expect further and worse attacks from
this system. Cleaning your Apache logs from Code Red / Nimda hits
doesn't improve your security.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm