|
Firewall Wizards
mailing list archives
Re: NIMDA, how to stop it
From: "Robin S. Socha" <robin-dated-1010441423.019f5b () socha net>
Date: Fri, 04 Jan 2002 17:32:37 -0500
begin Alan_Young.scr <aryoung () veros com>:
speaking of NIMDA, as a general recommendation, what would you all
recommend as an effecive firewall setup to stop NIMDA?
Your idea of "firewall" appears to be a bit hazy. Nimda and its likes
are DoS attacks against a webserver launched by Microsoft products. So
you are looking at a way to combat a DoS attack. That requires strategic
planning, not clicking on a setup tool.
Can I stop NIMDA with just a PIX? Or do I need some sort of other
"virus firewall" in addition to our PIX?
There are no virus firewalls. Your idea of how Nimda and other
Microsoft-based DoS tools work also appears to be hazy. There are
commercial vendors that sell packet filters or proxy servers with
blacklisting abilities as "virus walls". But that's basically
brown-nosing.
So your strategy could e.g. to get strategic arms and nuke the people
who created the attack tools: http://www.enemy.org/gallery/jpg/campus.jpg
Another strategy could be to block access from the servers launching the
attacks. Comme this: http://tb.tf/nimda-block/ - which opens interesting
possibilities for ip-spoofing and having yourself shoot yourself in all
possible parts of your body.
Please forgive my ignorance, I cant search the archives (the search
function is broken) so I dont know if this has been asked before.
http://google.com/ always works.
I am sure I must be missing some fundamental firewall knowledge, I
suppose there are some good books on this topic???
Books? What's that?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- NIMDA, how to stop it, (continued)
|
Intro
