I use a Netscreen 5XP at home and one of the great features is Malicious URL filtering. You can naildown how long of a URL to accept (since Code Red and Nimda use long URLs as part of their attacks) to filter these. It does also offer buffer overflow protection but I am not sure how that works exactly.
-----Original Message----- From: Snow, Corey [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 1:56 PM To: 'Johan De Meersman' Cc: '[EMAIL PROTECTED]' Subject: RE: NT/2000 vs Unix based Web Servers > -----Original Message----- > From: Johan De Meersman [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 12, 2002 8:05 AM > To: [EMAIL PROTECTED] > Subject: Re: NT/2000 vs Unix based Web Servers > > > how about you take whatever webserver you fancy, and throw a *nix > firewall in front of it ? :) > A good idea in principle, but it won't stop buffer overflows targeted at port 80- after all, the firewall would have to let such traffic through or the web server would be unavailable. Sophisticated firewalls exist for lots of cash that can block some attacks, but most off-the-shelf unixes with IPFILTER compiled into the kernel aren't going to handle that. Corey Snow ######################################################### The information contained in this e-mail and subsequent attachments may be privileged, confidential and protected from disclosure. This transmission is intended for the sole use of the individual and entity to whom it is addressed. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this message in error, please e-mail the sender at the above e-mail address. #########################################################
