Hello Cameron,
Monday, September 24, 2001, 2:02:25 AM, you wrote:
[...]
CS> Instead, why not make a special chain for Nimda, and only divert processing to
CS> it for incoming SYN packets aimed at port 80? That way almost everything
CS> else goes through your normal tiny set of rules, and only incoming HTTP
CS> connections incur the analysis penalty.
CS> ipchains -I input -p tcp -y -d 0.0.0.0/0 http -j NIMDA
CS> and do the processing in the NIMDA chain.
Very good idea. It would seem that most of the Nimda infected
machines on the same class networks have either been disconnected or
patched. So this should now be a viable solution (with a lot less
than 2400 IPs). Thanks for the tip!
--
Best regards,
Brian Curtis
_______________________________________________
Seawolf-list mailing list
https://listman.redhat.com/mailman/listinfo/seawolf-list
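
The dedicated-chain setup discussed in this thread, as an added example that is not part of either poster's message: it prints (without running) the ipchains commands that build a NIMDA chain from a list of source addresses. The sample addresses, the per-source DENY rules and the function names are assumptions; only the jump rule is taken from the thread.

```shell
#!/bin/sh
# Added example: emit ipchains commands for a dedicated NIMDA chain.
# Commands are printed, not executed, so the rule set can be reviewed first.

# Constructed sample input (documentation address ranges, not real offenders).
SAMPLE_SOURCES='192.0.2.10
198.51.100.7
192.0.2.10
not-an-ip
203.0.113.300'

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads one source address per line on stdin, prints the rule set on stdout.
# Duplicates are collapsed; invalid entries are reported on stderr and skipped.
nimda_rules() {
    echo "ipchains -N NIMDA"
    sort -u | while IFS= read -r src; do
        if valid_ipv4 "$src"; then
            # Assumed action: drop traffic from each listed source.
            echo "ipchains -A NIMDA -s $src/32 -j DENY"
        else
            echo "# skipped invalid entry: $src" >&2
        fi
    done
    # Jump rule from the thread: only incoming SYNs to port 80 reach NIMDA,
    # so all other traffic never traverses the per-source rules.
    echo "ipchains -I input -p tcp -y -d 0.0.0.0/0 http -j NIMDA"
}

printf '%s\n' "$SAMPLE_SOURCES" | nimda_rules
```

Packets that fall off the end of the NIMDA chain return to the input chain and continue with the normal rules.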