Hi to all....
>>Patching IIS,
>>Dropping all outgoing packets from IIS Servers in the DMZ,
>>Using any alternative Web Server to IIS...
These are all good solutions....
But lem'me ask u sthg:
Why don't u use CP FW' s security server? (Checking with resource...)
For example, if Code Red is the case,
Why don't u put a rule above all the http-related rules such as;
Source Dest. Service Action
Any Any http->with resource Drop
And the http->with resource service will be defined as a New Resource ---- URI;
URI:
Connection Methods:Transparent, Proxy (perhaps not so nec. but doesn't give any headache at least...)
Schemes: http (only this will be enough..)
Methods: all (so as to guarantee...)
Host:*
Path:{*/default.ida?*}
Query:*
Save everythg, and install....
It should be noted that since mostly *.ida is useless, this rule presumably shouldn't harm any Web-Server-based applications...
