On Wed, 14 Apr 2004, pmquan wrote: > But it is impossible with me, i have more than 4'000 concurrent clients > infected with this virus. I cant firewall all of them and they are using > dynamic ip address. Do you have another way?
iptables patch-o-matic has a match which could help in making a generic firewall rule blocking misbehaving stations.. just make sure to make reasonable exceptions for any child caches you may have. also make sure to use "half_closed_clients off" in squid.conf Use of proxy authentication should also quite effectively stop these worms, but will cost you quite a bit of CPU time on the proxy server.. In any event you need to make sure to have the infected stations cleaned one way or another. Regards Henrik
