If you have access and administrative privileges to your border router
(and you use Cisco equipment), you can block Nimda and Code Red-style
attacks at the gateway. There's probably a way to do it with other
vendors' equipment as well. Alternatively, you can put pressure on your
ISP to do the same thing for you if you are not responsible for the
management of your router. 

The following is from our Cisco consultant, to identify and route requests
containing Nimda-specific URLs to the null interface of the router:

<snip>

You will want to add these commands to your ISP router.  It will mitigate
most of the NIMDA virus items, but not the browser pieces.  The router
may need to be upgraded to at least a Cisco 2600 with IOS 12.1(5)T.


ip cef

class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*x.ida*"
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml*"

policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1

! fastethernet1/0 should be the ingress interface or the
! interface connected to the ISP network
interface fastethernet1/0
 service-policy input mark-inbound-http-hacks

! 199 may need to be altered based on any other access-lists present
access-list 199 permit ip any any dscp 1

route-map null_policy_route 11
 ! same ACL number as above
 match ip address 199
 set interface Null0

! fastethernet1/0 should be the ingress interface or the
! interface connected to the ISP network
interface fastethernet1/0
 ip policy route-map null_policy_route

</snip>



On Mon, 2002-01-28 at 09:49, Brian Clifton wrote:
> Dear All 
> 
> Is there a way to stop Apache responding to .exe file requests altogether?
> 
> I am getting fed up with my error_log file being filled by Nimda and we
> don't host any .exe files!! I have been monitoring it since the summer and
> the number of Nimda type entries appears to have started to go up again
> since xmas...
> 
> Any thoughts greatly appreciated... 
> 
> Thanks in advance, Brian 



___________________
Matthew A. Knecht
System Administrator
National Parks Conservation Association
202-454-3368 (desk)
202-302-0310 (cell)
[EMAIL PROTECTED]
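
An added example, not part of the original message or the consultant's configuration: before applying the class-map, the same URL patterns can be run over an existing Apache access log to see which sources would be dropped and whether any URL the server actually served also matches. Python's fnmatch stands in for the router's wildcard matching as an approximation; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# URL patterns copied from the http-hacks class-map above.
PATTERNS = ["*default.ida*", "*x.ida*", "*.ida*", "*cmd.exe*",
            "*root.exe*", "*readme.eml*"]

# Common Log Format: host ident user [time] "METHOD url PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jan/2002:09:12:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [28/Jan/2002:09:12:02 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [28/Jan/2002:09:13:44 -0500] "GET /default.ida?XXXX HTTP/1.0" 404 279
203.0.113.5 - - [28/Jan/2002:09:15:00 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [28/Jan/2002:09:15:09 -0500] "GET /parks/trip.idaho.html HTTP/1.1" 200 8841
"""

def first_match(url):
    """Return the first class-map pattern the URL matches, or None."""
    for pat in PATTERNS:
        if fnmatchcase(url, pat):
            return pat
    return None

def audit(log_text):
    """Count matching requests per source and per pattern, and list the
    matches the server answered with 2xx (likely legitimate pages)."""
    by_source, by_pattern, served = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        pat = first_match(m.group(2)) if m else None
        if pat is None:
            continue
        by_source[m.group(1)] += 1
        by_pattern[pat] += 1
        if m.group(3).startswith("2"):
            served.append((m.group(1), m.group(2), pat))
    return dict(by_source), dict(by_pattern), served

if __name__ == "__main__":
    sources, patterns, served = audit(SAMPLE_LOG)
    print("requests the policy would drop, per source:", sources)
    print("hits per pattern:", patterns)
    print("served URLs that also match:", served)
```

In the sample, the broad "*.ida*" pattern also catches the constructed page /parks/trip.idaho.html, the kind of match worth checking for before routing marked traffic to Null0.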
