it's my home system, so I don't care if some one I don't know gets blocked. For production system it would be better to just filter as some one else said earlier. I run both tomcat and orion, so neither are vulnerable, but I rather not clean up logs every week because of stupid IIS exploits.
Another thing which admins should do is filter out going traffic from their network for this type of virus/trojan. Atleast I would, but not every has the time or inclination to do so. In any case, you could write a request filter in tomcat that will filter out all requests with ".exe". peter Ralph Einfeldt wrote: > > Blocking the IP can be a dangerous thing: > > - If there are several people behind a proxy, you will > disable all. > - If the attacking pc has a provider wih dynamic IP's > it dousn't help at all, it will just diable all > user users that get this IP in the future. > - It makes you vulnerable to dos attack. As it is possible > to fake IP adresses an attacker can disable the acces to > your site for a ig amount of people > > > -----Ursprüngliche Nachricht----- > > Von: peter lin [mailto:[EMAIL PROTECTED]] > > Gesendet: Donnerstag, 13. Juni 2002 14:32 > > An: Tomcat Users List > > Betreff: Re: Security - Attack > > > > apache and tomcat aren't vulnerable, but putting up a > > firewall to block the IP might be a good idea. For my > > own server I zone alarm pro, which will block IP trying > > this exact type of exploit. > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
