[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
- Subject: Re: [cobalt-security] NIMDA Attacks - Anyway to deny requests?
- From: Ted Behling <TBehling@xxxxxxxxxxxxx>
- Date: Sun, 23 Sep 2001 22:16:42 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 01:35 PM 9/22/01, David Yates Buckley wrote:
One thing that is interesting to note: say you are using a firewall to access
your raq, and it is masquerading, and one of your pc's in your office got
infected, or even say there is some idiot in the office with a twisted sense
of humour that has bookmarked your own raq with winnt/system32 then you
suddely are locked out of your raq! And I believe you could be locked out
for quite a while! So when if in doubt, don't muck around with your raq,
that explains all these pkgs and patches etc...
I had the same thought when I first read about this script. I advise
against automatically blocking source IPs, as infected machines behind a
proxy server or NAT router would cause ALL machines behind that gateway to
be blocked. Think AOL.
--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------