-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Any reasonable IDS will block these sorts of attacks.

http://www.zonelabs.com - Zone Alarm (free for private use)
http://www.networkice.com - BlackICE
... and plenty more.

The big problem here, though, is that a machine will attempt your IPs
once before moving on elsewhere, so by the time you've blocked them
they've gone anyhow.

CodeRed v1 had a fairly simple 'random' seed which meant each
infected server would attack the same IPs in the same order, whereas
CodeRed v2, CodeBlue and Nimda are considerably smarter (they start
by attacking machines in the same subnet and work their way out).

Short of blocking the attacks at the router level (which can cause a
whole bunch of problems of its own), or changing the port web
messaging runs on, there ain't much more you can do.

Cheers,
Nick



>  -----Original Message-----
>  From: [EMAIL PROTECTED] 
>  [mailto:[EMAIL PROTECTED]] On Behalf Of Tim
>  Sent: Tuesday, 25 September 2001 11:23 AM
>  To: Imail
>  Subject: [IMail Forum] Virus Attacks
>  
>  
>  Does anyone know of a utility that will automatically block those IIS
>  servers that constantly try to attack an Imail server to stop these
>  constant attempts to attack port 80?  Has anyone written a script that
>  will add them to the kill file?  I think this would be a great
>  script/software/enhancement!!!!
>  
>  20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
>  20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
>  20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
>  20010924 204807 Info - 63.237.172.134   GET /MSADC/root.exe?/c+dir HTTP/1.0.
>  
>  Anyone
>  
>  Tim D

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO6/mDms3k0eeKya0EQKfkACffSSWtWGcjJ6jTcGRcyb3M5t/pJEAn1oE
227lwmZTqLS9xlpQ0B2QceTj
=0sYJ
-----END PGP SIGNATURE-----
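Added example, not part of either message in this thread: a small Python log filter that pulls worm-probe requests out of log lines shaped like the ones quoted above and reports, per source address, how many probes arrived and over how many seconds. The sample log is constructed (only the first two lines come from the thread), the `cmd.exe` and `default.ida` patterns are assumptions beyond the single `root.exe` request shown, and writing the result into IMail's kill file is left out because its format does not appear here.

```python
import re
from datetime import datetime

# Request line shape as quoted in the thread:
#   YYYYMMDD HHMMSS Info - <ip>   GET <path> HTTP/1.0.
REQUEST_RE = re.compile(
    r"^(\d{8} \d{6}) Info - (\d{1,3}(?:\.\d{1,3}){3})\s+[A-Z]+ (\S+)"
)
# File names the IIS worms of that period asked for. Only root.exe is in the
# thread; cmd.exe and default.ida are assumptions added for this example.
PROBE_RE = re.compile(r"/(?:root\.exe|cmd\.exe|default\.ida)(?:\?|$)", re.IGNORECASE)

# Constructed sample: lines 1-2 are from the thread, the rest are made up.
SAMPLE_LOG = """\
20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
20010924 204807 Info - 63.237.172.134   GET /MSADC/root.exe?/c+dir HTTP/1.0.
20010924 204811 Info - 63.237.172.134   GET /scripts/root.exe?/c+dir HTTP/1.0.
20010924 205130 Info - 192.0.2.44   GET /index.html HTTP/1.0.
20010924 210502 Info - 198.51.100.7   GET /default.ida?XXXX HTTP/1.0.
"""

def summarize(lines):
    """Map each probing IP to [hit count, first seen, last seen]."""
    seen = {}
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or not PROBE_RE.search(m.group(3)):
            continue  # socket errors and ordinary requests are ignored
        when = datetime.strptime(m.group(1), "%Y%m%d %H%M%S")
        entry = seen.setdefault(m.group(2), [0, when, when])
        entry[0] += 1
        entry[1] = min(entry[1], when)
        entry[2] = max(entry[2], when)
    return seen

def report(lines):
    """Return (ip, hits, seconds between first and last probe), sorted by IP."""
    return sorted(
        (ip, hits, int((last - first).total_seconds()))
        for ip, (hits, first, last) in summarize(lines).items()
    )

if __name__ == "__main__":
    for ip, hits, span in report(SAMPLE_LOG.splitlines()):
        print(f"{ip}\t{hits} probe(s) over {span}s")
```

A short span per address is the pattern described in the reply: the source has usually finished with this host before a block entry would take effect.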

