I think they were looking at URL strings and blocking a specific string used in the attack. Not sure it will keep them safe from all attacks, but it would from some. I suspect you could also block "0x" since the entire string is ASCII encoded and any attack that's ASCII encoded would start with those chars and it's unlikely to see that string much in legit traffic.
-Cameron On Thu, Jul 24, 2008 at 3:35 PM, Robert Munn <[EMAIL PROTECTED]> wrote: > What kind of firewall rule can be used to block it? > > On Thu, Jul 24, 2008 at 11:21 AM, Cameron wrote: >> Yup - I warned a client of mine (who I know has vulnerable code) and >> they put a rule in their corporate firewall to block it. 24 hours >> later they emailed to thank me for the warning and said their firewall >> was getting attacked like mad, but it was blocking everything. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:264549 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
