
RE: [cobalt-security] NIMDA Attacks - Anyway to deny requests?



You're right, I thought as much.  I was just hoping there was some sensible
way of doing so.

Best regards,
Ervin Tarkhanian


-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeremy Hull
Sent: Thursday, September 20, 2001 4:18 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?

Your server(s) are already denying the request... think about it... all you
would be doing is stopping the logging, your CPU overhead will probably
remain the same. The CPU overhead you gain from not logging will probably be
replaced by the little bit extra it takes to filter the request. The packets
are still going to hit your box, so unless you can filter them through a very
cleverly designed firewall, you're probably not going to see any improvement
to server performance.

David Yates Buckley wrote:
>
> Yes, me too,
>
> Could some kind soul tell us what we could do to httpd.conf to just
> ignore and drop all requests .*\.exe.*
> I am eager to not break anything in there but would love to not have to
> watch my log files grow with junk.
>
> yates
>
> At 11:49 AM 9/20/01 -0700, you wrote:
> >Hi all,
> >
> >I'm wondering if there's a way to deny requests to the folders NIMDA
> >attacks are requesting?
> >
> >I see in my log there are key folders being scanned/requested:
> >
> >/scripts/
> >/c/winnt/
> >/d/winnt/
> >/MSADC/
> >/_vti_bin/
> >/_mem_bin/
> >
> >And many upper/lowercase combinations.  I know that Cobalt/*nix servers
> >won't get "infected" by the virus (I think).  But the sheer volume of
> >requests is so high, that server performance is suffering.  Would denying
> >requests have an effect on server performance, if it's even possible.
> >
> >Any suggestions are appreciated.
> >
> >Best regards,
> >Ervin Tarkhanian
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> >
>
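Added example, not part of the original thread: a Python script that measures how much of an access log the probes account for and which status codes the server returned for them, using the folder list and `.exe` pattern quoted above. It assumes Common Log Format; the sample lines, addresses and file names are constructed.

```python
import re
from collections import Counter

# Folder prefixes quoted in the thread, plus the ".exe" pattern from the reply.
# Matched case-insensitively because the probes vary upper/lowercase.
PROBE = re.compile(r"^/(scripts|msadc|_vti_bin|_mem_bin|[cd]/winnt)/|\.exe", re.I)

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')

def summarize(lines):
    """Count probe requests, the log bytes they consume, and how they were answered."""
    stats = {"total": 0, "probes": 0, "probe_log_bytes": 0,
             "status": Counter(), "sources": Counter()}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines
        host, _method, path, status, _size = m.groups()
        stats["total"] += 1
        if PROBE.search(path):
            stats["probes"] += 1
            stats["probe_log_bytes"] += len(line) + 1  # +1 for the newline
            stats["status"][status] += 1
            stats["sources"][host] += 1
    return stats

# Constructed sample lines (documentation addresses, placeholder file names).
TS = "[20/Sep/2001:11:40:01 -0700]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /scripts/example.exe HTTP/1.0" 404 276',
    f'192.0.2.10 - - {TS} "GET /MSADC/example.exe HTTP/1.0" 404 274',
    f'198.51.100.7 - - {TS} "GET /_VTI_BIN/example.exe HTTP/1.0" 404 277',
    f'198.51.100.7 - - {TS} "GET /c/WinNT/system32/example.exe HTTP/1.0" 404 285',
    f'203.0.113.5 - - {TS} "GET /index.html HTTP/1.0" 200 5120',
    f'203.0.113.5 - - {TS} "GET /images/logo.gif HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['probes']} of {s['total']} requests are probes "
          f"({s['probe_log_bytes']} bytes of log)")
    print("status codes returned to probes:", dict(s["status"]))
    print("top sources:", s["sources"].most_common(5))
```

A status breakdown made up of 404s shows the server is already refusing the probes, so what remains is log growth and per-request handling cost.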