I heard BlackIce was useless. ZoneAlarm does a better job apparently.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jon Hall
Sent: Tuesday, 31 July 2001 5:41 AM
To: CF-Talk
Subject: Re: Got the fellow, but....
This is why we keep BlackIce on all of our servers, and set it to accept
everything. It will still give you a heads up on potential bad guys and
allow you to block the ip address very quickly.
With all of the recent worm stuff going around, we decided to invest in
Cisco's IDS, and have it logging live to a SQL server database...very cool
stuff. IDS actually inspects every packet going across the wire and flags
suspicious traffic, which you can set custom actions to happen if a certain
flag goes up, like blocking the ip at the router. It even detects Sircam...
jon
At 03:14 PM 7/30/2001, you wrote:
>I'm doing a pretty intensive watch on my server stastics and log files
>in real-time. sometimes I see people who try stupid stuff like:
>
>/winnt/system32/cmd.exe and trying to url hack (with ;drop tables) .
>
>my question is: when I'm seeing the guy's IP address in the stas server
>or log files, and the guy is still causing problem (i,e - trying to hack)
>what can I do to him? can I throw him, and only him away?
>will adding him to the banned IP in IIS helps immediatly?
>
>any other alternatives?
>
>Michael.
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
