Hi Gord :-) > www.incidents.org makes mention that it's passible to impliment a > firewall rule that will slow down the CR/CR2 worm. Does anyone have a > sample of this rule as an ipchains command. I'm sure we've not seen > the last of this problem and I'd like to do what I can to help curb > it's speed of propogation.
A german newsticker announced that Tom Liston had an idea to trap CR - it's here: http://www.incidents.org/archives/intrusions/msg01215.html On http://www.incidents.org/archives/intrusions/msg01239.html Mihnea Stoenescu made public that an example implementation is done. You can get it here: http://www.hackbusters.net/CodeRedneck.tgz It works by starting the 3-way-handshake and then keeps quiet - this does not eliminate CR, it just hinders the fast growth over network. Hope this is what you wanted, Friedemann -- Linux zu nutzen adelt nicht - aber es bildet.
