> Perhaps you are not familiar with what BlackIce
> does.  BlackIce knows
> what Code Red is, and it can stop it from hurting an
> UNPATCHED W2K machine.  

Perhaps you're not familiar with what Code Red does. 
First off, it doesn't attack the operating system; it
attacks the web server.  Second, all that is required
to protect yourself against CR is to disable the
ida/idq script mapping.  In fact, disabling unused
script mappings (i.e., unnecessary or unused
services/functionality) is not only common sense, but
it's also all over every site that talks about
information security.

> And it can afford this kind of protection
> vs. hundereds of other exploits as well.  

But disabling the script mappings is free, and it
protects against other attacks as well.

> Basically, you can have it watching every
> single packet going to ALLOWED services (those that
> are open due to
> it being a webserver), and making sure that there is
> nothing
> malicious being attempted.  Is that a good reason?

But you'd have to define what "malicious" is, or hope
that someone has added it to BlackICE.  That being the
case, I'd opt for using snort instead...it's free, and
it runs on Win2K.  Not only that, it gives me greater
control, because I can write my own rules, and block
packets based on whether an arbitrary bit in the
packet is a 1 or a 0.  That's control...and that's
control I would have.  
  
> There is something to attack - it's a webserver. 
> There are numerous
> attacks that are done with nothing more than mangled
> http requests. 
> BlackIce can stop many of them.  How can I be more
> clear?

That's very clear.  But it's also very vague, in a
way.  Yes, some web servers will respond poorly to
mangled HTTP requests...but the OP never did mention
which web server he was using, as far as I can
remember.  He said he was using Win2K, but he didn't
specify the web server.  Vulnerabilities that work on
IIS don't necessarily work on Apache.  Not every web
server fails to handle mangled HTTP requests properly.
  
> Ok, fair enough.  I just didn't want to get into the
> Steve Gibson thing here.

Sure, I understand.  Another way of handling it is
simply not to respond.  However, telling someone
via the list NOT to talk about SG is *talking* about
SG...so you're actually doing what you're trying to
avoid.


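As an added illustration (not part of the message above, and not the poster's code): the check the reply is talking about, whether a request would be handed to the .ida/.idq script mapping, is simple enough to show in a few lines of Python run over some constructed HTTP request lines. The request lines are made up for this example; the first one only mimics the shape of the Code Red request (a .ida path followed by a long run of 'N's), and the 200-byte query-length threshold is an assumed value, not something from the post. The same logic is what one would express as a content rule in snort; the Python is just to make the decision explicit.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Extensions mapped to the Index Server ISAPI extension (idq.dll) in IIS.
# Removing this script mapping is the mitigation discussed in the post:
# a request for these extensions then gets a plain 404 instead of
# reaching idq.dll at all.
INDEXING_EXTENSIONS = {".ida", ".idq"}

# Assumed threshold for an unusually long query string (not from the post).
MAX_QUERY_LEN = 200

# Constructed sample request lines, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /default.ida?" + "N" * 224 + "%u9090%u6858=a HTTP/1.0",
    "GET /index.html HTTP/1.1",
    "GET /scripts/search.idq?CiTemplate=/foo.htx HTTP/1.0",
    "GET /images/logo.gif HTTP/1.1",
    "POST /cgi-bin/form.pl HTTP/1.1",
    "GET /Default.IDA HTTP/1.0",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/\d\.\d$")


def parse_request_line(line):
    """Return (method, path, query) for an HTTP request line, or None."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return m.group("method"), parts.path, parts.query


def targets_indexing_isapi(path):
    """True if IIS would pass this path to idq.dll via the .ida/.idq mapping.

    The comparison is case-insensitive because Windows file names are.
    """
    return posixpath.splitext(path)[1].lower() in INDEXING_EXTENSIONS


def flag_request(line, max_query_len=MAX_QUERY_LEN):
    """Return the list of reasons a request line looks suspicious ([] if none)."""
    parsed = parse_request_line(line)
    if parsed is None:
        return ["unparseable request line"]
    _method, path, query = parsed
    reasons = []
    if targets_indexing_isapi(path):
        reasons.append("targets .ida/.idq (idq.dll) script mapping")
    if len(query) > max_query_len:
        reasons.append(f"query string of {len(query)} bytes exceeds {max_query_len}")
    return reasons


def scan(lines):
    """Map each flagged request line to its reasons; clean lines are dropped."""
    flagged = {}
    for line in lines:
        reasons = flag_request(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_REQUESTS).items():
        print(line[:60] + ("..." if len(line) > 60 else ""))
        for r in reasons:
            print("   -", r)
```

Run as-is, it flags the three .ida/.idq requests and leaves the .html, .gif and .pl requests alone; the first one is also flagged for its oversized query. Note that a request for /default.ida on a server with the mapping removed is still worth logging, since it tells you someone is scanning for it.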