RE: New IIS worm

urity@lists.debian.org # Subject: Re: New IIS worm # # # On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote: # > Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: # > > Doesn't this leave you open to DOS attacks? I'm thinking # that source IP # > > addresses are re

RE: New IIS worm

ECTED] # Subject: Re: New IIS worm # # # On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote: # > Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: # > > Doesn't this leave you open to DOS attacks? I'm thinking # that source IP # > > addresses are relatively eas

Re: New IIS worm

On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote: > Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: > > Doesn't this leave you open to DOS attacks? I'm thinking that source IP > > addresses are relatively easy to forge, and hence an attacher can forge > > a nimda attach and cause you to bloc

Re: New IIS worm

On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote: > Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: > > Doesn't this leave you open to DOS attacks? I'm thinking that source IP > > addresses are relatively easy to forge, and hence an attacher can forge > > a nimda attach and cause you to blo

Re: New IIS worm

Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: > Doesn't this leave you open to DOS attacks? I'm thinking that source IP > addresses are relatively easy to forge, and hence an attacher can forge > a nimda attach and cause you to block off legitimate IP addresses - > ie. your DNS server our default ga

Re: New IIS worm

Karl E. Jorgensen <[EMAIL PROTECTED]> wrote: > Doesn't this leave you open to DOS attacks? I'm thinking that source IP > addresses are relatively easy to forge, and hence an attacher can forge > a nimda attach and cause you to block off legitimate IP addresses - > ie. your DNS server our default g

Re: New IIS worm

Message- > > > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, September 18, 2001 8:09 PM > > > To: debian-security@lists.debian.org > > > Subject: Re: New IIS worm > > > > > > (2001-09-18) Emmanuel Valliet sed : > > &

Re: New IIS worm

essage- > > > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, September 18, 2001 8:09 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: New IIS worm > > > > > > (2001-09-18) Emmanuel Valliet sed : > > > | I

Re: New IIS worm

* Johann Schwarzmeier ([EMAIL PROTECTED]) [010921 14:25]: > Hello, > > Hint: see wat iv'ed done: > > /etc/apache/srm.conf: > Alias /c/winnt/system32/cmd.exe /usr/lib/cgi-bin/block.cgi > Alias /d/winnt/system32/cmd.exe /usr/lib/cgi-bin/block.cgi > > The CGI: > > echo "You come from : ${REMOTE_A

Re: New IIS worm

* Johann Schwarzmeier ([EMAIL PROTECTED]) [010921 14:25]: > Hello, > > Hint: see wat iv'ed done: > > /etc/apache/srm.conf: > Alias /c/winnt/system32/cmd.exe /usr/lib/cgi-bin/block.cgi > Alias /d/winnt/system32/cmd.exe /usr/lib/cgi-bin/block.cgi > > The CGI: > > echo "You come from : ${REMOTE_

Re: New IIS worm

he hosts.deny file for this also, no? > > Best Regards, Allen > > > -Original Message- > > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, September 18, 2001 8:09 PM > > To: debian-security@lists.debian.org > > Subject: Re: New IIS

Re: New IIS worm

he hosts.deny file for this also, no? > > Best Regards, Allen > > > -Original Message- > > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, September 18, 2001 8:09 PM > > To: [EMAIL PROTECTED] > > Subject: Re: New IIS worm > >

RE: New IIS worm

You could use the hosts.deny file for this also, no? Best Regards, Allen > -Original Message- > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 18, 2001 8:09 PM > To: debian-security@lists.debian.org > Subject: Re: New IIS worm > > &g

RE: New IIS worm

You could use the hosts.deny file for this also, no? Best Regards, Allen > -Original Message- > From: Emmanuel Valliet [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 8:09 PM > To: [EMAIL PROTECTED] > Subject: Re: New IIS worm > > > (2001-09-

Re: New IIS worm

(2001-09-18) Emmanuel Valliet sed : | | I know we don't care on linux, but I have reallly a lot of hits from | machine querying for the ..%%35c../winnt/system32/cmd.exe and Cie. | And it starts to make a lot of apache childs, and the global charge | grows consequently. | Is there a way to pr

New IIS worm

I know we don't care on linux, but I have reallly a lot of hits from machine querying for the ..%%35c../winnt/system32/cmd.exe and Cie. And it starts to make a lot of apache childs, and the global charge grows consequently. Is there a way to protect from that ? Using an apache configuration trick

Re: New IIS worm

(2001-09-18) Emmanuel Valliet sed : | | I know we don't care on linux, but I have reallly a lot of hits from | machine querying for the ..%%35c../winnt/system32/cmd.exe and Cie. | And it starts to make a lot of apache childs, and the global charge | grows consequently. | Is there a way to p

New IIS worm

I know we don't care on linux, but I have reallly a lot of hits from machine querying for the ..%%35c../winnt/system32/cmd.exe and Cie. And it starts to make a lot of apache childs, and the global charge grows consequently. Is there a way to protect from that ? Using an apache configuration trick