[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
- Subject: Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
- From: David Yates Buckley <yates@xxxxxxxxx>
- Date: Thu, 20 Sep 2001 23:45:14 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Yes, me too,
Could some kind soul tell us what we could do to httpd.conf to just
ignore and drop all requests .*\.exe.*
I am eager to not break anything in there but would love to not have to
watch my log files grow with junk.
yates
At 11:49 AM 9/20/01 -0700, you wrote:
>Hi all,
>
>I'm wondering if there's a way to deny requests to the folders NIMDA attacks
>are requesting?
>
>I see in my log there are key folders being scanned/requested:
>
>/scripts/
>/c/winnt/
>/d/winnt/
>/MSADC/
>/_vti_bin/
>/_mem_bin/
>
>And many upper/lowercase combinations. I know that Cobalt/*nix servers wont
>get "infected" by the virus (I think). But the shear volume of requests are
>so high, that server performance is suffering. Would denying requests have
>an affect on server performance, if it's even possible.
>
>Any suggestions are appreciated.
>
>Best regards,
>Ervin Tarkhanian
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>