[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] NIMDA Attacks - Anyway to deny requests?

Subject: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
From: "Ervin Tarkhanian" <ervin@xxxxxxxxxx>
Date: Thu, 20 Sep 2001 11:49:12 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi all,

I'm wondering if there's a way to deny requests to the folders NIMDA attacks
are requesting?

I see in my log there are key folders being scanned/requested:

/scripts/
/c/winnt/
/d/winnt/
/MSADC/
/_vti_bin/
/_mem_bin/

And many upper/lowercase combinations.  I know that Cobalt/*nix servers wont
get "infected" by the virus (I think).  But the shear volume of requests are
so high, that server performance is suffering.  Would denying requests have
an affect on server performance, if it's even possible.

Any suggestions are appreciated.

Best regards,
Ervin Tarkhanian

Follow-Ups:
- Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
  - From: David Yates Buckley

Prev by Date: Re: [cobalt-security] OpenSSH on Raq2 help
Next by Date: Re: [cobalt-security] Attempted inside job. A report.
Previous by thread: Re: [cobalt-security] NAT Question
Next by thread: Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index